From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59402) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3mjM-0003EZ-51 for qemu-devel@nongnu.org; Fri, 20 May 2016 11:52:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b3mjI-00078d-09 for qemu-devel@nongnu.org; Fri, 20 May 2016 11:52:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34895) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3mjH-00078Z-Q7 for qemu-devel@nongnu.org; Fri, 20 May 2016 11:52:47 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F3A6578229 for ; Fri, 20 May 2016 15:52:45 +0000 (UTC) References: <1463735394-25690-1-git-send-email-pbonzini@redhat.com> From: Eric Blake Message-ID: <573F32C4.5030303@redhat.com> Date: Fri, 20 May 2016 09:52:36 -0600 MIME-Version: 1.0 In-Reply-To: <1463735394-25690-1-git-send-email-pbonzini@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="RnuNkebVIbb7DXFGx8uGIUVPjxg2MSvfb" Subject: Re: [Qemu-devel] [PATCH] crypto: assert that qcrypto_hash_digest_len is in range List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paolo Bonzini , qemu-devel@nongnu.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --RnuNkebVIbb7DXFGx8uGIUVPjxg2MSvfb Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 05/20/2016 03:09 AM, Paolo Bonzini wrote: > Otherwise unintended results could happen. For example, > Coverity reports a division by zero in qcrypto_afsplit_hash. > While this cannot really happen, it shows that the contract > of qcrypto_hash_digest_len can be improved. >=20 > Signed-off-by: Paolo Bonzini > --- > crypto/hash.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) Reviewed-by: Eric Blake >=20 > diff --git a/crypto/hash.c b/crypto/hash.c > index b90af34..2907bff 100644 > --- a/crypto/hash.c > +++ b/crypto/hash.c > @@ -36,9 +36,7 @@ static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG_= _MAX] =3D { > =20 > size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg) > { > - if (alg >=3D G_N_ELEMENTS(qcrypto_hash_alg_size)) { > - return 0; > - } > + assert(alg < G_N_ELEMENTS(qcrypto_hash_alg_size)); > return qcrypto_hash_alg_size[alg]; The assertion doesn't protect us if QCryptoHashAlgorithm gains another member but we forget to update qcrypto_hash_alg_size[] to match. Do you want an additional assertion that you are returning a non-zero value? --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --RnuNkebVIbb7DXFGx8uGIUVPjxg2MSvfb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXPzLEAAoJEKeha0olJ0NqGbkH/3jIa5HTZnDeuHYEVi3epQKW t6mzfo7XDKAUGI47OmcThzOqQnyk4xy/uIMDej85oejKd7ACp/gsqpXbN0exPxiX KP2zYSJ2sFvTsiA/hSqwWblfrkTRxxCmumoh8erYXSLlVW9qDyox90mt7XOyN8F/ sAy0Uq5JHn4yGWmnkRWC8h9TvgHmPHClW9go5few9EMgS+pi9HIeNUd+45S3osUU CJb0iFcDECEX+PSRyL0P28/3D6mCDvFJ4GQT4qXVt8wGY0kSeDnX/F5dC7W1j3sf zIft578VJ2CxETAZeh7PwOnJgdmRMtZ2aauCGsJL6SyENQB8OIReCAtX/D9w0tc= =iypK -----END PGP SIGNATURE----- --RnuNkebVIbb7DXFGx8uGIUVPjxg2MSvfb--