I'm
not sure which source files belong to that third party library.
The
two non-bogus warnings I got were:
libclamunrar/arcread.cpp:32:3:
warning: 'ReadSize' may be used uninitialized in this function
libclamunrar/rijndael.cpp:101:21:
warning: 'uKeyLenInBytes' may be used uninitialized in this function
These
seem to assume that an input variable takes on an allowed value;
I
don't know if that assumption can always be guaranteed.
libclamunrar is in fact UnRAR 5.6.5 from RARLab with very, very limited changes from our team. I just spoke with a developer from their team and he's happy to initialize those variables when they're defined, to appease the compiler, even though they do
actually get initialized later. The UnRAR developers are extremely responsive and helpful.
The warnings in our own code regarding integers of different
signedness are probably most concerning. I very much want to take a
stab at cleaning those up as soon as I find time, but it will require
much care and heavy regression testing as it can be very easy to
break things when changing variable types.
Indeed.
On-the-spot typecasting is less invasive but more awkward.