ghmac: Fix some signed/unsigned issues with g_checksum_update()

Philip Withnall requested to merge pwithnall/glib:hmac-signedness into main

The length argument to g_checksum_update() is signed, allowing length < 0 to indicate a nul-terminated input string. However, most of the GHmac machinery which calls g_checksum_update() uses unsigned gsizes.

If any of those sizes exceed G_MAXSSIZE (which is very unlikely and could only happen with a buggy caller), the unsigned-to-signed conversion would wrap and cause g_checksum_update() to inappropriately interpret the input as nul-terminated.

Fix that by adding a load of assertions and making the unsigned-to-signed comparisons explicit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1486807
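
The wrap described in the merge request text, as an added example that is not part of the merge request or of GLib: `model_update_len()` is a hypothetical stand-in for an API with `g_checksum_update()`'s length convention, `ptrdiff_t`/`PTRDIFF_MAX` stand in for `gssize`/`G_MAXSSIZE`, and the explicit range check is one possible guard rather than the assertions the change itself adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 9 bytes with an embedded nul after "key". */
static const unsigned char SAMPLE[] = "key\0extra";

/* Hypothetical model of the length convention: returns how many bytes
 * would be hashed. length < 0 means "treat data as nul-terminated". */
static size_t model_update_len(const unsigned char *data, ptrdiff_t length)
{
    if (length < 0)
        return strlen((const char *)data);
    return (size_t)length;
}

/* Unchecked caller: hands an unsigned size straight to the signed
 * parameter. For len > PTRDIFF_MAX the conversion is implementation-
 * defined; on common two's-complement platforms it becomes negative. */
static size_t unchecked_len(const unsigned char *data, size_t len)
{
    return model_update_len(data, (ptrdiff_t)len);
}

/* Checked caller: makes the unsigned-to-signed comparison explicit and
 * refuses sizes the signed type cannot represent.
 * Returns 0 and sets *out on success, -1 on rejection. */
static int checked_len(const unsigned char *data, size_t len, size_t *out)
{
    if (len > (size_t)PTRDIFF_MAX)
        return -1;
    *out = model_update_len(data, (ptrdiff_t)len);
    return 0;
}

int main(void)
{
    size_t huge = (size_t)PTRDIFF_MAX + 1;  /* size only a buggy caller would pass */
    size_t out = 0;

    printf("normal size:    %zu bytes hashed\n",
           unchecked_len(SAMPLE, sizeof SAMPLE - 1));
    printf("oversized size: %zu bytes hashed (silently nul-terminated)\n",
           unchecked_len(SAMPLE, huge));
    printf("checked call with oversized size returns %d\n",
           checked_len(SAMPLE, huge, &out));
    return 0;
}
```
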