author: Azat Khuzhin <a3at.mail@gmail.com> 2018-10-28 16:46:24 +0300
committer: Azat Khuzhin <a3at.mail@gmail.com> 2018-10-28 16:50:36 +0300
commit: 931ec2370228e40309af51b86e10fa364a37a20e
tree: a07ae64421664be4e01df9d348c0d8bbbf6679b7 /buffer.c
parent: f83ac92da9fff789135d1e5b9050653cf7fdb517
Convert evbuffer_strspn() (internal helper) to use size_t
As pointed by @yankeehacker in #590:

  Signed to Unsigned Conversion Error - buffer.c:1623

  Description: This assignment creates a type mismatch by populating an unsigned variable with a signed value. The signed integer will be implicitly cast to an unsigned integer, converting negative values into positive ones. If an attacker can control the signed value, it may be possible to trigger a buffer overflow if the value specifies the length of a memory write.

  Remediation: Do not rely on implicit casts between signed and unsigned values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.

Fixes: #590
Diffstat (limited to 'buffer.c')
-rw-r--r-- buffer.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/buffer.c b/buffer.c
index 25a6e528..f6ff8431 100644
--- a/buffer.c
+++ b/buffer.c
@@ -1535,11 +1535,11 @@ evbuffer_find_eol_char(struct evbuffer_ptr *it)
return (-1);
}
-static inline int
+static inline size_t
evbuffer_strspn(
struct evbuffer_ptr *ptr, const char *chrset)
{
- int count = 0;
+ size_t count = 0;
struct evbuffer_chain *chain = ptr->internal_.chain;
size_t i = ptr->internal_.pos_in_chain;
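Review bot: the return type change on `evbuffer_strspn()` at the top of this hunk is only complete if every caller also receives the result in a `size_t`, and no call site is touched here. The report quoted in the commit message points at buffer.c:1623, which is outside this hunk, so please confirm that the variable assigned there is already unsigned and of the same width; otherwise an implicit conversion between `int` and `size_t` remains at the call site or moves into the caller. Since `evbuffer_find_eol_char()` in the context just above returns -1, also check that no caller compares this helper's result against a negative value, and consider a short comment above the function saying that the returned count is never negative, if that holds.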