ghmac: Fix some signed/unsigned issues with g_checksum_update()
The length argument to g_checksum_update() is signed, allowing length < 0 to indicate a nul-terminated input string. However, most of the GHmac machinery which calls g_checksum_update() uses unsigned gsizes. If any of those sizes exceed G_MAXSSIZE (which is very unlikely and could only happen with a buggy caller), the unsigned-to-signed conversion would wrap and cause g_checksum_update() to inappropriately interpret the input as nul-terminated.

Fix that by adding a load of assertions and making the unsigned-to-signed comparisons explicit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Coverity CID: #1486807
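The wrap the commit describes, shown as an added stand-alone C example (not GLib code and not this commit's diff): a toy `toy_checksum_update()` copies only the calling convention assumed for g_checksum_update() (negative length means nul-terminated), `PTRDIFF_MAX` stands in for G_MAXSSIZE, and the "abc" input with an oversized length is constructed for the demonstration. `unchecked_update()` is the buggy gsize-to-gssize hand-off; `checked_update()` is the explicit comparison the fix adds, returning a status code where GLib would raise an assertion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a GChecksum: it only counts how many bytes were fed in.
 * Added illustration, not GLib code. */
typedef struct { size_t bytes_seen; } toy_checksum;

/* Mirrors the g_checksum_update() convention (assumed, not copied from GLib):
 * a negative length means "data is a nul-terminated string", a non-negative
 * length is an explicit byte count. */
static void toy_checksum_update(toy_checksum *cs, const unsigned char *data, ptrdiff_t length)
{
    if (length < 0)
        length = (ptrdiff_t) strlen((const char *) data);
    cs->bytes_seen += (size_t) length;
}

/* Buggy pattern: the caller holds an unsigned size_t (GLib's gsize) and hands
 * it to a signed parameter. For any len > PTRDIFF_MAX the conversion wraps to
 * a negative value (two's-complement behaviour, guaranteed by C23 and present
 * on every platform GLib runs on), so the callee treats the buffer as
 * nul-terminated instead of honouring the byte count. Returns the number of
 * bytes the checksum believes it consumed. */
static size_t unchecked_update(toy_checksum *cs, const unsigned char *data, size_t len)
{
    /* explicit cast spelled out; an implicit gsize -> gssize conversion does the same */
    toy_checksum_update(cs, data, (ptrdiff_t) len);
    return cs->bytes_seen;
}

/* Fixed pattern: make the unsigned-to-signed comparison explicit before the
 * cast. PTRDIFF_MAX plays the role of G_MAXSSIZE. Returns 0 on success and -1
 * when the size cannot be represented as a signed length. */
static int checked_update(toy_checksum *cs, const unsigned char *data, size_t len)
{
    if (len > (size_t) PTRDIFF_MAX)
        return -1;  /* the commit raises an assertion here; a status code keeps this testable */
    toy_checksum_update(cs, data, (ptrdiff_t) len);
    return 0;
}

/* Constructed scenario: a 3-byte string with a length of PTRDIFF_MAX + 1.
 * No buffer of that size exists; only the length value is under test, and
 * the wrapped path never reads past the string's terminator. */
static size_t demo_unchecked_count(void)
{
    toy_checksum cs = {0};
    return unchecked_update(&cs, (const unsigned char *) "abc", (size_t) PTRDIFF_MAX + 1);
}

static int demo_checked_status(void)
{
    toy_checksum cs = {0};
    return checked_update(&cs, (const unsigned char *) "abc", (size_t) PTRDIFF_MAX + 1);
}

int main(void)
{
    size_t huge = (size_t) PTRDIFF_MAX + 1;
    printf("unchecked: counted %zu bytes, caller asked for %zu\n", demo_unchecked_count(), huge);
    printf("checked:   status %d (rejected before the cast)\n", demo_checked_status());
    return 0;
}
```

With the oversized length the unchecked path silently hashes 3 bytes (the strlen of "abc") rather than the requested count, which is exactly the "inappropriately interpret the input as nul-terminated" failure; the checked path refuses the size before the cast ever happens.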