Silence a GCC 12 -Warray-bounds false positive warning.

GCC 12 triggers a -Warray-bounds false positive in crypto/x509v3's IPv6
parser. Although v6stat.total cannot exceed 16 because of the callback,
GCC doesn't know this and seems to get confused. Checking >= 16 seems to
silence it.

While I'm here, move the comments so they don't obscure the
if/else-if chains and avoid a theoretical overflow in 'zero_cnt' by
checking for the maximum value inside the callback.

Change-Id: If1610a36693915aa92085d8cb3a4709ae82992ba
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54245
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
chromium-5359
David Benjamin 2 years ago committed by Boringssl LUCI CQ
parent 2749466282
commit 8462a367bb
  1. 35
      crypto/x509v3/v3_utl.c

@ -1233,8 +1233,6 @@ static int ipv6_from_asc(unsigned char v6[16], const char *in) {
return 0;
}
// Now for some sanity checks
if (v6stat.zero_pos == -1) {
// If no '::' must have exactly 16 bytes
if (v6stat.total != 16) {
@ -1242,35 +1240,31 @@ static int ipv6_from_asc(unsigned char v6[16], const char *in) {
}
} else {
// If '::' must have less than 16 bytes
if (v6stat.total == 16) {
if (v6stat.total >= 16) {
return 0;
}
// More than three zeroes is an error
if (v6stat.zero_cnt > 3) {
// More than three zeroes is an error
return 0;
}
// Can only have three zeroes if nothing else present
else if (v6stat.zero_cnt == 3) {
} else if (v6stat.zero_cnt == 3) {
// Can only have three zeroes if nothing else present
if (v6stat.total > 0) {
return 0;
}
}
// Can only have two zeroes if at start or end
else if (v6stat.zero_cnt == 2) {
if ((v6stat.zero_pos != 0) && (v6stat.zero_pos != v6stat.total)) {
} else if (v6stat.zero_cnt == 2) {
// Can only have two zeroes if at start or end
if (v6stat.zero_pos != 0 && v6stat.zero_pos != v6stat.total) {
return 0;
}
} else
// Can only have one zero if *not* start or end
{
if ((v6stat.zero_pos == 0) || (v6stat.zero_pos == v6stat.total)) {
} else {
// Can only have one zero if *not* start or end
if (v6stat.zero_pos == 0 || v6stat.zero_pos == v6stat.total) {
return 0;
}
}
}
// Format result
// Format the result.
if (v6stat.zero_pos >= 0) {
// Copy initial part
OPENSSL_memcpy(v6, v6stat.tmp, v6stat.zero_pos);
@ -1299,9 +1293,12 @@ static int ipv6_cb(const char *elem, int len, void *usr) {
// Zero length element, corresponds to '::'
if (s->zero_pos == -1) {
s->zero_pos = s->total;
} else if (s->zero_pos != s->total) {
// If we've already got a :: its an error
return 0;
}
// If we've already got a :: its an error
else if (s->zero_pos != s->total) {
if (s->zero_cnt >= 3) {
// More than three zeros is an error.
return 0;
}
s->zero_cnt++;
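Review bot: The new `v6stat.total >= 16` check in the '::' branch of ipv6_from_asc carries a bounds invariant that nothing on the line explains. The length in `OPENSSL_memcpy(v6, v6stat.tmp, v6stat.zero_pos)`, and presumably the rest of the formatting code outside this hunk, is only safe while `total` and `zero_pos` stay within the 16-byte buffers. Per the commit message that bound is otherwise enforced only in ipv6_cb, in a part of the callback the hunk does not show. I would add a comment so a later cleanup does not tighten the test back to `==`, for example `// ipv6_cb never lets |total| exceed 16; compare with >= so the bound is also explicit here.` Likewise, with the added `s->zero_cnt >= 3` guard in ipv6_cb the `v6stat.zero_cnt > 3` branch looks unreachable, assuming this is the only place zero_cnt is incremented, so a short note that it is kept as defence in depth would help.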
