summaryrefslogtreecommitdiff
path: root/lib/gnutls_int.h
diff options
context:
space:
mode:
authorDaiki Ueno <dueno@redhat.com>2019-08-08 18:02:08 +0200
committerDaiki Ueno <dueno@redhat.com>2019-09-12 09:22:51 +0200
commite0fe31f1fc2ba13ada1d6bc35231847b75be4ee9 (patch)
tree5b253201bde17b60984de0f2401e271f25a9adb2 /lib/gnutls_int.h
parentbcd95a1a0f8b8ed1ccdd096e072446e297a71035 (diff)
downloadgnutls-e0fe31f1fc2ba13ada1d6bc35231847b75be4ee9.tar.gz
gnutls_int.h: make DECR_LEN neutral to signedness
DECR_LEN was previously implemented in a way that it first decrements the given length and then checks whether the result is negative. This requires the caller to properly coerce the length argument to a signed integer, before invoking the macro. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/gnutls_int.h')
-rw-r--r--lib/gnutls_int.h11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 179d71b4a1..7f7b6a7c97 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -256,14 +256,15 @@ typedef enum record_send_state_t {
#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
-#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
+#define DECR_LEN(len, x) DECR_LENGTH_RET(len, x, GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
#define DECR_LEN_FINAL(len, x) do { \
- len-=x; \
- if (len != 0) \
+ if (len != x) \
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); \
+ else \
+ len = 0; \
} while (0)
-#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
-#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
+#define DECR_LENGTH_RET(len, x, RET) DECR_LENGTH_COM(len, x, return RET)
+#define DECR_LENGTH_COM(len, x, COM) do { if (len<x) {gnutls_assert(); COM;} else len-=x; } while (0)
#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))