o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libsec: avoid undefined C

Browse source 
gcc compiles `p + length < p' into 'length < 0' since pointer overflow is undefined behavior in C.  This breaks the check against a large `length'.

Use `length > pend - p' instead.

There's no need to check `length < 0' since `length' is from length_decode() and should be non-negative.

===

Try the simplified code.

void bar(void);
void foo(unsigned char *p, int length)
{
        if (p + length < p)
                bar();
}

$ gcc -S -o - t.c -O2
...
foo:
.LFB0:
        .cfi_startproc
        testl	%esi, %esi
        js	.L4
        rep
        ret
.L4:
        jmp	bar
        .cfi_endproc

Clearly `p' is not used at all.

R=rsc
CC=plan9port.codebot
https://codereview.appspot.com/7231069
This commit is contained in:
Xi Wang 2013-03-19 14:35:16 -04:00 committed by Russ Cox
parent 01e3847b7e
commit 8a2a5b8f25
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/libsec/port/x509.c
View file

@ -2077,8 +2077,7 @@ digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
tag.class != Universal || tag.num != SEQUENCE ||
length_decode(&p, pend, &length) != ASN_OK ||
p+length > pend ||
p+length < p)
length > pend - p)
return;
info = p;
if(ber_decode(&p, pend, &elem) != ASN_OK || elem.tag.num != SEQUENCE)