[glib: 2/3] ghmac: Fix some signed/unsigned issues with g_checksum_type_get_length()




commit 977756590cb64443fdeb7f3792124e62438f8a2c
Author: Philip Withnall <pwithnall endlessos org>
Date:   Thu May 5 13:24:44 2022 +0100

    ghmac: Fix some signed/unsigned issues with g_checksum_type_get_length()
    
    As with the previous commit, the return value from
    `g_checksum_type_get_length()` is signed, but some of the `GHmac` code
    was treating it as unsigned.
    
    Add some assertions to make it clearer to static analysis that this is
    OK because `GHmac` only ever calls it after validating its input, so
    it’s guaranteed to never return a negative number.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 glib/ghmac.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
---
diff --git a/glib/ghmac.c b/glib/ghmac.c
index 96c7dedb11..16e0e48f2e 100644
--- a/glib/ghmac.c
+++ b/glib/ghmac.c
@@ -289,11 +289,17 @@ const gchar *
 g_hmac_get_string (GHmac *hmac)
 {
   guint8 *buffer;
+  gssize digest_len_signed;
   gsize digest_len;
 
   g_return_val_if_fail (hmac != NULL, NULL);
 
-  digest_len = g_checksum_type_get_length (hmac->digest_type);
+  /* It shouldn’t be possible for @digest_len_signed to be negative, as
+   * `hmac->digest_type` has already been validated as being supported. */
+  digest_len_signed = g_checksum_type_get_length (hmac->digest_type);
+  g_assert (digest_len_signed >= 0);
+  digest_len = digest_len_signed;
+
   buffer = g_alloca (digest_len);
 
   /* This is only called for its side-effect of updating hmac->digesto... */
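Review bot: The conversion at `digest_len = digest_len_signed;` is protected only by `g_assert`, which GLib compiles out when `G_DISABLE_ASSERT` is defined; in that build a negative return would wrap to a huge `gsize` and go straight into `g_alloca (digest_len)` on the next line, which is a stack overflow rather than an abort. The justification given in the comment (that `hmac->digest_type` was validated earlier) is not visible in this hunk, so it is worth either making the cast explicit, `digest_len = (gsize) digest_len_signed;`, so the intent is clear to readers and `-Wsign-conversion`, or using `g_return_val_if_fail (digest_len_signed >= 0, NULL);` so the check survives assertion-disabled builds. The body of `g_hmac_get_string` continues past the end of the hunk.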
@@ -329,7 +335,13 @@ g_hmac_get_digest (GHmac  *hmac,
 
   g_return_if_fail (hmac != NULL);
 
-  len = g_checksum_type_get_length (hmac->digest_type);
+  /* It shouldn’t be possible for @len_signed to be negative, as
+   * `hmac->digest_type` has already been validated as being supported. */
+  len_signed = g_checksum_type_get_length (hmac->digest_type);
+  g_assert (len_signed >= 0);
+  len = len_signed;
+
+  /* @buffer must be long enough for the digest */
   g_return_if_fail (*digest_len >= len);
 
   /* Use the same buffer, because we can :) */
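Review bot: The new comment `/* @buffer must be long enough for the digest */` names a parameter that does not appear in the check it annotates, which tests `*digest_len`; a reader of this line cannot tell what `@buffer` refers to without the signature, which lies above the hunk. Suggest wording the comment around what the code actually does: `/* The caller's buffer (*digest_len bytes) must hold the whole digest; otherwise return without writing anything */`. Note also that `*digest_len` is dereferenced here with no NULL check visible in the hunk, and that if `g_assert` is compiled out (`G_DISABLE_ASSERT`) a negative `len_signed` would wrap `len` to a huge value and make this `g_return_if_fail` fail silently, which is at least safe. The declaration of `len_signed` and the rest of `g_hmac_get_digest` are outside the hunk.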

