Clear some size_t truncations

Also fix the comments for ERR_STATE because they were actually wrong.

Bug: 516
Change-Id: I3b352fc75e63075a9f02f33c6e23da0f821a323e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61425
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/err/err.c b/crypto/err/err.c
index eff2dc9..a8a53af 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -146,13 +146,13 @@
 
 // ERR_STATE contains the per-thread, error queue.
 typedef struct err_state_st {
-  // errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
-  // buffer.
+  // errors contains up to ERR_NUM_ERRORS - 1 most recent errors, organised as a
+  // ring buffer.
   struct err_error_st errors[ERR_NUM_ERRORS];
-  // top contains the index one past the most recent error. If |top| equals
-  // |bottom| then the queue is empty.
+  // top contains the index of the most recent error. If |top| equals |bottom|
+  // then the queue is empty.
   unsigned top;
-  // bottom contains the index of the last error in the queue.
+  // bottom contains the index before the least recent error in the queue.
   unsigned bottom;
 
   // to_free, if not NULL, contains a pointer owned by this structure that was
@@ -866,6 +866,10 @@
     return;
   }
 
+  if (state->num_errors >= ERR_NUM_ERRORS) {
+    abort();
+  }
+
   ERR_STATE *const dst = err_get_state();
   if (dst == NULL) {
     return;
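Review bot: The new `state->num_errors >= ERR_NUM_ERRORS` guard has no comment explaining why the comparison is `>=` or why it aborts, and neither is obvious from the code. A count above ERR_NUM_ERRORS would make the copy loop in the next hunk write past `dst->errors`, while a count of exactly ERR_NUM_ERRORS would fit the array but leave `top == bottom`, which the struct comment defines as an empty queue. I would add above the check: `// The ring buffer holds at most ERR_NUM_ERRORS - 1 entries; a larger count means |state| is corrupt and would overrun |dst->errors| below.` The `(unsigned)` cast in the following hunk also relies on this bound and on `num_errors` being non-zero. The early return above this hunk presumably covers the zero case, but the function starts outside the hunk, so that is worth confirming.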
@@ -874,6 +878,6 @@
   for (size_t i = 0; i < state->num_errors; i++) {
     err_copy(&dst->errors[i], &state->errors[i]);
   }
-  dst->top = state->num_errors - 1;
+  dst->top = (unsigned)(state->num_errors - 1);
   dst->bottom = ERR_NUM_ERRORS - 1;
 }
diff --git a/crypto/fipsmodule/ecdsa/ecdsa_test.cc b/crypto/fipsmodule/ecdsa/ecdsa_test.cc
index 18fdb83..b821d0c 100644
--- a/crypto/fipsmodule/ecdsa/ecdsa_test.cc
+++ b/crypto/fipsmodule/ecdsa/ecdsa_test.cc
@@ -223,16 +223,15 @@
 
     // Test ASN.1-encoded signatures.
     // Create a signature.
-    unsigned sig_len = ECDSA_size(eckey.get());
-    std::vector<uint8_t> signature(sig_len);
+    std::vector<uint8_t> signature(ECDSA_size(eckey.get()));
+    unsigned sig_len;
     ASSERT_TRUE(
         ECDSA_sign(0, digest, 20, signature.data(), &sig_len, eckey.get()));
     signature.resize(sig_len);
 
     // ECDSA signing should be non-deterministic. This does not verify k is
     // generated securely but at least checks it was randomized at all.
-    sig_len = ECDSA_size(eckey.get());
-    std::vector<uint8_t> signature2(sig_len);
+    std::vector<uint8_t> signature2(ECDSA_size(eckey.get()));
     ASSERT_TRUE(
         ECDSA_sign(0, digest, 20, signature2.data(), &sig_len, eckey.get()));
     signature2.resize(sig_len);
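Review bot: `sig_len` is now declared uninitialized and is only set through the out-parameter of `ECDSA_sign`, yet both `resize(sig_len)` calls use it without checking it against the buffer that was allocated. Because the vectors are sized from `ECDSA_size`, the test can cheaply pin the contract that the reported length never exceeds that bound: add `ASSERT_LE(sig_len, signature.size());` before `signature.resize(sig_len);`, and the same for `signature2`. Without it, a length larger than the buffer would just grow the vector with zero bytes and hide the overrun from the test. Declaring `unsigned sig_len = 0;` would also keep the value defined if the assertions around it are later changed. The enclosing test body starts and ends outside the hunk.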