src: replace unreachable code with static_assert #46209
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated.
tniessen
added
crypto
|
Review requested:
|
lpinca
approved these changes
Jan 14, 2023
anonrig
approved these changes
Jan 14, 2023
Trott
approved these changes
Jan 14, 2023
cjihrig
approved these changes
Jan 15, 2023
JungMinu
approved these changes
Jan 16, 2023
RaisinTen
approved these changes
Jan 16, 2023
github-actions
bot
removed
the
request-ci
This comment was marked as outdated.
This comment was marked as outdated.
panva
added
the
commit-queue
panva
approved these changes
Jan 17, 2023
nodejs-github-bot
removed
the
commit-queue
|
Landed in 15d673d |
RafaelGSS
pushed a commit
to RafaelGSS/node
that referenced
this pull request
Jan 17, 2023
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: nodejs#46209 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
18 tasks
tniessen
added a commit
to tniessen/node
that referenced
this pull request
Jan 18, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: nodejs#46209
tniessen
added a commit
to tniessen/node
that referenced
this pull request
Jan 18, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: nodejs#46209
This was referenced Jan 19, 2023
RafaelGSS
pushed a commit
that referenced
this pull request
Jan 20, 2023
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: #46209 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
Merged
nodejs-github-bot
pushed a commit
that referenced
this pull request
Jan 21, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: #46209 PR-URL: #46250 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
juanarbol
pushed a commit
that referenced
this pull request
Jan 26, 2023
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: #46209 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
Merged
juanarbol
pushed a commit
that referenced
this pull request
Jan 31, 2023
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: #46209 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
ruyadorno
pushed a commit
that referenced
this pull request
Feb 1, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: #46209 PR-URL: #46250 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
juanarbol
pushed a commit
that referenced
this pull request
Mar 3, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: #46209 PR-URL: #46250 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
juanarbol
pushed a commit
that referenced
this pull request
Mar 5, 2023
This function divides an unsigned 32-bit integer by 8, effectively right-shifting it by three bits, so the result must be less than INT_MAX. Refs: #46209 PR-URL: #46250 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed
INT_MAX. However, because JavaScript strings are limited tov8::String::kMaxLengthchars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less thanv8::String::kMaxLengthbytes. Therefore, it is sufficient to statically assert thatString::kMaxLength <= INT_MAX(which is always true becauseString::kMaxLengthitself is an int).Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than
INT_MAXmight actually be allocated.