Loading src/lib/buf/buffers.c +14 −14 Original line number Diff line number Diff line Loading @@ -285,7 +285,7 @@ buf_t * buf_new_with_data(const char *cp, size_t sz) { /* Validate arguments */ if (!cp || sz <= 0 || sz >= INT_MAX) { if (!cp || sz <= 0 || sz > INT_MAX - 1) { return NULL; } Loading Loading @@ -530,9 +530,9 @@ buf_add(buf_t *buf, const char *string, size_t string_len) return (int)buf->datalen; check(); if (BUG(buf->datalen >= INT_MAX)) if (BUG(buf->datalen > INT_MAX - 1)) return -1; if (BUG(buf->datalen >= INT_MAX - string_len)) if (BUG(buf->datalen > INT_MAX - 1 - string_len)) return -1; while (string_len) { Loading @@ -551,7 +551,7 @@ buf_add(buf_t *buf, const char *string, size_t string_len) } check(); tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); return (int)buf->datalen; } Loading Loading @@ -645,7 +645,7 @@ buf_get_bytes(buf_t *buf, char *string, size_t string_len) buf_peek(buf, string, string_len); buf_drain(buf, string_len); check(); tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); return (int)buf->datalen; } Loading @@ -660,9 +660,9 @@ buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen) char b[4096]; size_t cp, len; if (BUG(buf_out->datalen >= INT_MAX || *buf_flushlen >= INT_MAX)) if (BUG(buf_out->datalen > INT_MAX - 1 || *buf_flushlen > INT_MAX - 1)) return -1; if (BUG(buf_out->datalen >= INT_MAX - *buf_flushlen)) if (BUG(buf_out->datalen > INT_MAX - 1 - *buf_flushlen)) return -1; len = *buf_flushlen; Loading @@ -670,7 +670,7 @@ buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen) len = buf_in->datalen; cp = len; /* Remember the number of bytes we intend to copy. */ tor_assert(cp < INT_MAX); tor_assert(cp <= INT_MAX - 1); while (len) { /* This isn't the most efficient implementation one could imagine, since * it does two copies instead of 1, but I kinda doubt that this will be Loading @@ -692,9 +692,9 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) if (BUG(buf_out->datalen > INT_MAX - 1 || buf_in->datalen > INT_MAX - 1)) return; if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) if (BUG(buf_out->datalen > INT_MAX - 1 - buf_in->datalen)) return; if (buf_out->head == NULL) { Loading Loading @@ -748,7 +748,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out) char *cp = memchr(chunk->data+pos, ch, chunk->datalen - pos); if (cp) { out->chunk = chunk; tor_assert(cp - chunk->data < INT_MAX); tor_assert(cp - chunk->data <= INT_MAX - 1); out->pos = (int)(cp - chunk->data); return out->chunk_pos + out->pos; } else { Loading Loading @@ -811,7 +811,7 @@ buf_find_string_offset(const buf_t *buf, const char *s, size_t n) buf_pos_init(buf, &pos); while (buf_find_pos_of_char(*s, &pos) >= 0) { if (buf_matches_at_pos(&pos, s, n)) { tor_assert(pos.chunk_pos + pos.pos < INT_MAX); tor_assert(pos.chunk_pos + pos.pos <= INT_MAX - 1); return (int)(pos.chunk_pos + pos.pos); } else { if (buf_pos_inc(&pos)<0) Loading Loading @@ -845,7 +845,7 @@ buf_find_offset_of_char(buf_t *buf, char ch) { chunk_t *chunk; ptrdiff_t offset = 0; tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); for (chunk = buf->head; chunk; chunk = chunk->next) { char *cp = memchr(chunk->data, ch, chunk->datalen); if (cp) Loading Loading @@ -915,7 +915,7 @@ buf_assert_ok(buf_t *buf) for (ch = buf->head; ch; ch = ch->next) { total += ch->datalen; tor_assert(ch->datalen <= ch->memlen); tor_assert(ch->datalen < INT_MAX); tor_assert(ch->datalen <= INT_MAX - 1); tor_assert(ch->data >= &ch->mem[0]); tor_assert(ch->data <= &ch->mem[0]+ch->memlen); if (ch->data == &ch->mem[0]+ch->memlen) { Loading Loading
src/lib/buf/buffers.c +14 −14 Original line number Diff line number Diff line Loading @@ -285,7 +285,7 @@ buf_t * buf_new_with_data(const char *cp, size_t sz) { /* Validate arguments */ if (!cp || sz <= 0 || sz >= INT_MAX) { if (!cp || sz <= 0 || sz > INT_MAX - 1) { return NULL; } Loading Loading @@ -530,9 +530,9 @@ buf_add(buf_t *buf, const char *string, size_t string_len) return (int)buf->datalen; check(); if (BUG(buf->datalen >= INT_MAX)) if (BUG(buf->datalen > INT_MAX - 1)) return -1; if (BUG(buf->datalen >= INT_MAX - string_len)) if (BUG(buf->datalen > INT_MAX - 1 - string_len)) return -1; while (string_len) { Loading @@ -551,7 +551,7 @@ buf_add(buf_t *buf, const char *string, size_t string_len) } check(); tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); return (int)buf->datalen; } Loading Loading @@ -645,7 +645,7 @@ buf_get_bytes(buf_t *buf, char *string, size_t string_len) buf_peek(buf, string, string_len); buf_drain(buf, string_len); check(); tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); return (int)buf->datalen; } Loading @@ -660,9 +660,9 @@ buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen) char b[4096]; size_t cp, len; if (BUG(buf_out->datalen >= INT_MAX || *buf_flushlen >= INT_MAX)) if (BUG(buf_out->datalen > INT_MAX - 1 || *buf_flushlen > INT_MAX - 1)) return -1; if (BUG(buf_out->datalen >= INT_MAX - *buf_flushlen)) if (BUG(buf_out->datalen > INT_MAX - 1 - *buf_flushlen)) return -1; len = *buf_flushlen; Loading @@ -670,7 +670,7 @@ buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen) len = buf_in->datalen; cp = len; /* Remember the number of bytes we intend to copy. */ tor_assert(cp < INT_MAX); tor_assert(cp <= INT_MAX - 1); while (len) { /* This isn't the most efficient implementation one could imagine, since * it does two copies instead of 1, but I kinda doubt that this will be Loading @@ -692,9 +692,9 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) if (BUG(buf_out->datalen > INT_MAX - 1 || buf_in->datalen > INT_MAX - 1)) return; if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) if (BUG(buf_out->datalen > INT_MAX - 1 - buf_in->datalen)) return; if (buf_out->head == NULL) { Loading Loading @@ -748,7 +748,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out) char *cp = memchr(chunk->data+pos, ch, chunk->datalen - pos); if (cp) { out->chunk = chunk; tor_assert(cp - chunk->data < INT_MAX); tor_assert(cp - chunk->data <= INT_MAX - 1); out->pos = (int)(cp - chunk->data); return out->chunk_pos + out->pos; } else { Loading Loading @@ -811,7 +811,7 @@ buf_find_string_offset(const buf_t *buf, const char *s, size_t n) buf_pos_init(buf, &pos); while (buf_find_pos_of_char(*s, &pos) >= 0) { if (buf_matches_at_pos(&pos, s, n)) { tor_assert(pos.chunk_pos + pos.pos < INT_MAX); tor_assert(pos.chunk_pos + pos.pos <= INT_MAX - 1); return (int)(pos.chunk_pos + pos.pos); } else { if (buf_pos_inc(&pos)<0) Loading Loading @@ -845,7 +845,7 @@ buf_find_offset_of_char(buf_t *buf, char ch) { chunk_t *chunk; ptrdiff_t offset = 0; tor_assert(buf->datalen < INT_MAX); tor_assert(buf->datalen <= INT_MAX - 1); for (chunk = buf->head; chunk; chunk = chunk->next) { char *cp = memchr(chunk->data, ch, chunk->datalen); if (cp) Loading Loading @@ -915,7 +915,7 @@ buf_assert_ok(buf_t *buf) for (ch = buf->head; ch; ch = ch->next) { total += ch->datalen; tor_assert(ch->datalen <= ch->memlen); tor_assert(ch->datalen < INT_MAX); tor_assert(ch->datalen <= INT_MAX - 1); tor_assert(ch->data >= &ch->mem[0]); tor_assert(ch->data <= &ch->mem[0]+ch->memlen); if (ch->data == &ch->mem[0]+ch->memlen) { Loading
