[Rpm-maint] [rpm-software-management/rpm] Reduce undefined pointer arithmetic (#1710)
Panu Matilainen
notifications at github.com
Fri Jun 18 08:52:06 UTC 2021
@pmatilai commented on this pull request.
> @@ -525,9 +525,9 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
int i;
pgpDigAlg sigalg = pgpSignatureNew(pubkey_algo);
- for (i = 0; i < sigalg->mpis && p + 2 <= pend; i++) {
+ for (i = 0; i < sigalg->mpis && 2 <= pend - p; i++) {
The compiler doesn't of course care, but I find this order of comparison backwards and unnatural. You don't say "is two less or equal to the remaining buffer size", you say "is the remaining buffer size at least two bytes?". Ditto with all similar changes in this and other PR's. But when you write it as "pend - p >= 2" the point actually becomes *more* obvious than the original code, and at that point I have far less objections to these changes.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1710#pullrequestreview-687181896
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210618/a4756d0f/attachment.html>
More information about the Rpm-maint
mailing list