From a03160adf304aa523ddf29fec916477c16c17cbf Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Tue, 22 Nov 2022 14:15:11 +0000
Subject: [PATCH] giochannel: Fix incorrect use of a signed gsize when unsigned will do
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The value of `wrote_bytes` will never be negative, so there’s no need to store it in a signed type. Add a couple of assertions to validate that it never decreases and hence can never go negative.
Signed-off-by: Philip Withnall
---
 glib/giochannel.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index 9f19ad6cf..a16891f4f 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -2205,7 +2205,7 @@ g_io_channel_write_chars (GIOChannel *channel,
 {
 gsize count_unsigned;
 GIOStatus status;
- gssize wrote_bytes = 0;
+ gsize wrote_bytes = 0;
 g_return_val_if_fail (channel != NULL, G_IO_STATUS_ERROR);
 g_return_val_if_fail (buf != NULL || count == 0, G_IO_STATUS_ERROR);
@@ -2313,7 +2313,11 @@ g_io_channel_write_chars (GIOChannel *channel,
 if (!channel->encoding)
 {
- gssize write_this = MIN (space_in_buf, count_unsigned - wrote_bytes);
+ gsize write_this = MIN (space_in_buf, count_unsigned - wrote_bytes);
+
+ /* g_string_append_len() takes a gssize, so don’t overflow it*/
+ if (write_this > G_MAXSSIZE)
+ write_this = G_MAXSSIZE;
 g_string_append_len (channel->write_buf, buf, write_this);
 buf += write_this;
@@ -2476,7 +2480,10 @@ reconvert:
 g_warning ("Illegal sequence due to partial character "
 "at the end of a previous write.");
 else
- wrote_bytes += from_buf_len - left_len - from_buf_old_len;
+ {
+ g_assert (from_buf_len >= left_len + from_buf_old_len);
+ wrote_bytes += from_buf_len - left_len - from_buf_old_len;
+ }
 if (bytes_written)
 *bytes_written = wrote_bytes;
 channel->partial_write_buf[0] = '\0';
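Review bot: In the `@@ -2313,7 +2313,11 @@` hunk, `count_unsigned - wrote_bytes` is now an unsigned subtraction, so if `wrote_bytes` ever exceeded `count_unsigned` the result would wrap to a very large value rather than go negative. The `MIN` would then fall back to `space_in_buf`, and `g_string_append_len()` would read that many bytes from a `buf` pointer that has already been advanced past the caller's data. The loop condition that is presumably meant to rule this out lies outside the hunk, so the invariant is not visible at the point where it matters. Stating it right before the subtraction, `g_assert (wrote_bytes <= count_unsigned);`, would match the assertion this commit adds in the conversion branch. As a style point, the new comment is missing a space before its closing `*/`.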
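Review bot: In the `@@ -2476,7 +2480,10 @@` hunk, the new `g_assert` is the only guard against `wrote_bytes` wrapping around as an unsigned value, which is then handed to the caller through `*bytes_written`. In a build that defines `G_DISABLE_ASSERT` that guard is compiled out, so a caller trusting the reported count would have no signal that it is wrong. The sum `left_len + from_buf_old_len` inside the assertion can also wrap in principle, depending on operand types declared outside the hunk. Writing it as `g_assert (from_buf_len >= left_len && from_buf_len - left_len >= from_buf_old_len);` avoids the addition. A one-line comment above the assertion saying why the invariant is expected to hold would help, since the surrounding conversion loop is not visible here.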