[openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

Emilia Käsper via RT rt at openssl.org
Thu Oct 15 10:44:25 UTC 2015


Given OpenSSL's eternal type confusion, this check is meant to trap callers
that get an error return (typically -1) from some API returning signed values
and pass that on to PACKET_buf_init as a size_t. For example, ssl3_get_message
returns a long to signal buffer length, and that makes me nervous.

Except, yeah, it relies on undefined behaviour. OTOH as you note we do have a
test for this and we've not seen it fail on any compiler.

I agree the check is pointless if your sizes are correctly represented as
size_t throughout, but perhaps marginally useful for OpenSSL in its current
state. I don't feel too strongly about keeping or removing it - what do others
think?
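The check under discussion is meant to catch a negative signed length that has been converted to `size_t` on its way into `PACKET_buf_init`. Below is an added example (not OpenSSL's code, and not from this thread) showing the same trap written without undefined behaviour: a magnitude bound on `len` that rejects every value a negative `long` could convert to, plus an explicit guard at the signed-to-unsigned boundary. The struct and function names (`PACKET`, `packet_buf_init`, `packet_buf_init_from_long`) and the sample bytes are constructed for the example; the `buf + len < buf` form of the original check is my reading of the subject line, not something quoted in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-in for a packet reader (hypothetical names, not OpenSSL's). */
typedef struct {
    const unsigned char *curr;
    size_t remaining;
} PACKET;

/*
 * Well-defined replacement for a "buf + len < buf" pointer-overflow test.
 * A negative signed value converted to size_t becomes huge (SIZE_MAX for -1),
 * so bounding len at SIZE_MAX / 2 rejects every such conversion without
 * ever forming an out-of-range pointer.
 */
static int packet_buf_init(PACKET *pkt, const unsigned char *buf, size_t len)
{
    if (buf == NULL && len != 0)
        return 0;
    if (len > SIZE_MAX / 2)
        return 0;            /* looks like a negative length cast to size_t */
    pkt->curr = buf;
    pkt->remaining = len;
    return 1;
}

/*
 * Call-site guard: an API that signals errors with a negative long must be
 * checked before its result is narrowed to size_t, so the error never
 * reaches the packet layer as a "length" at all.
 */
static int packet_buf_init_from_long(PACKET *pkt, const unsigned char *buf,
                                     long n)
{
    if (n < 0)
        return 0;
    return packet_buf_init(pkt, buf, (size_t)n);
}

/* Demonstration driver: returns how many of the four cases behaved as expected. */
static int run_demo(void)
{
    /* constructed sample: a TLS 1.2 handshake record header, 4-byte body */
    static const unsigned char msg[] = {0x16, 0x03, 0x03, 0x00, 0x04};
    PACKET pkt;
    int ok = 0;

    /* ordinary length is accepted */
    if (packet_buf_init(&pkt, msg, sizeof(msg)) == 1 &&
        pkt.remaining == sizeof(msg))
        ok++;
    /* -1 that already became size_t is rejected by the magnitude bound */
    if (packet_buf_init(&pkt, msg, (size_t)-1) == 0)
        ok++;
    /* -1 still signed is rejected at the boundary */
    if (packet_buf_init_from_long(&pkt, msg, -1L) == 0)
        ok++;
    /* a valid signed length passes through */
    if (packet_buf_init_from_long(&pkt, msg, (long)sizeof(msg)) == 1)
        ok++;
    return ok;
}

int main(void)
{
    int passed = run_demo();
    printf("%d/4 checks behaved as expected\n", passed);
    return passed == 4 ? 0 : 1;
}
```

The two layers are complementary: the bound inside the init function is the cheap safety net the thread describes, while the signed check at the call site is where the error return should really be handled, so that `size_t` means a size everywhere below that point.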
