[master] 2d8909407 vmod_blob flexelinting round 2
Nils Goroll
nils.goroll at uplex.de
Tue Mar 10 12:43:06 UTC 2020
commit 2d8909407cad5e0c93d931024fa3e736062bdf5a
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Tue Mar 10 13:06:36 2020 +0100
vmod_blob flexelinting round 2
diff --git a/lib/libvmod_blob/hex.c b/lib/libvmod_blob/hex.c
index 8c2bf1d28..b95e45e90 100644
--- a/lib/libvmod_blob/hex.c
+++ b/lib/libvmod_blob/hex.c
@@ -135,7 +135,7 @@ hex_decode(const enum encoding dec, blob_dest_t buf,
if (len == 0)
return (0);
- if (n > 0 && len > n)
+ if (n >= 0 && len > (size_t)n)
len = n;
if (((len+1) >> 1) > buflen) {
diff --git a/lib/libvmod_blob/vmod_blob.c b/lib/libvmod_blob/vmod_blob.c
index b99bab762..0c46106bc 100644
--- a/lib/libvmod_blob/vmod_blob.c
+++ b/lib/libvmod_blob/vmod_blob.c
@@ -532,12 +532,13 @@ vmod_sub(VRT_CTX, VCL_BLOB b, VCL_BYTES n, VCL_BYTES off)
assert(b->len > 0);
- if (off < 0 || n < 0) {
- ERR(ctx, "size and offset cannot be negative in blob.sub()");
+ if (off < 0 || n < 0 || off > SIZE_MAX || n > SIZE_MAX) {
+ ERR(ctx, "size or offset negative or out of range in blob.sub()");
return (NULL);
}
- if (off + n > b->len) {
+ if ((size_t)off > b->len || (size_t)n > b->len ||
+ (size_t)off + (size_t)n > b->len) {
VERR(ctx, "size %jd from offset %jd requires more bytes than "
"blob length %zd in blob.sub()",
(intmax_t)n, (intmax_t)off, b->len);
More information about the varnish-commit
mailing list