From 977756590cb64443fdeb7f3792124e62438f8a2c Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Thu, 5 May 2022 13:24:44 +0100
Subject: [PATCH] ghmac: Fix some signed/unsigned issues with g_checksum_type_get_length()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As with the previous commit, the return value from `g_checksum_type_get_length()` is signed, but some of the `GHmac` code was treating it as unsigned. Add some assertions to make it clearer to static analysis that this is OK because `GHmac` only ever calls it after validating its input, so it’s guaranteed to never return a negative number.

Signed-off-by: Philip Withnall
---
 glib/ghmac.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/glib/ghmac.c b/glib/ghmac.c
index 96c7dedb1..16e0e48f2 100644
--- a/glib/ghmac.c
+++ b/glib/ghmac.c
@@ -289,11 +289,17 @@ const gchar *
 g_hmac_get_string (GHmac *hmac)
 {
 guint8 *buffer;
+ gssize digest_len_signed;
 gsize digest_len;
 
 g_return_val_if_fail (hmac != NULL, NULL);
 
- digest_len = g_checksum_type_get_length (hmac->digest_type);
+ /* It shouldn’t be possible for @digest_len_signed to be negative, as
+ * `hmac->digest_type` has already been validated as being supported. */
+ digest_len_signed = g_checksum_type_get_length (hmac->digest_type);
+ g_assert (digest_len_signed >= 0);
+ digest_len = digest_len_signed;
+
 buffer = g_alloca (digest_len);
 
 /* This is only called for its side-effect of updating hmac->digesto... */
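Review bot: In g_hmac_get_string the only guard between a negative `g_checksum_type_get_length()` result and `buffer = g_alloca (digest_len);` is `g_assert (digest_len_signed >= 0);`, and `g_assert` is compiled out in builds that define `G_DISABLE_ASSERT`. In such a build a -1 would convert to a very large `gsize` and size the stack allocation, so the invariant then rests entirely on the digest-type validation the commit message refers to, which is outside this hunk. If the invariant should hold in every build configuration, keep the assertion for static analysis and add `if (digest_len_signed < 0) return NULL;` before the conversion. The same `g_assert`-only pattern is used for `len_signed` in the g_hmac_get_digest hunk, where the equivalent would be `if (len_signed < 0) return;`. The function body continues past the end of the hunk.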
@@ -329,7 +335,13 @@ g_hmac_get_digest (GHmac *hmac,
 
 g_return_if_fail (hmac != NULL);
 
- len = g_checksum_type_get_length (hmac->digest_type);
+ /* It shouldn’t be possible for @len_signed to be negative, as
+ * `hmac->digest_type` has already been validated as being supported. */
+ len_signed = g_checksum_type_get_length (hmac->digest_type);
+ g_assert (len_signed >= 0);
+ len = len_signed;
+
+ /* @buffer must be long enough for the digest */
 g_return_if_fail (*digest_len >= len);
 
 /* Use the same buffer, because we can :) */
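Review bot: `len_signed` is assigned in the added lines of g_hmac_get_digest, but no line in this patch declares it: the hunk begins after the function's local declarations, and the diffstat's 14 insertions are all accounted for by the visible `+` lines. Unless a `gssize len_signed;` already exists above the hunk, the file will not compile; the g_hmac_get_string hunk adds its counterpart `gssize digest_len_signed;` explicitly, so the omission here looks unintended. Add `gssize len_signed;` next to the declaration of `len`, which is outside the hunk.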