]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
CLEANUP: hpack: be careful about integer promotion from uint8_t
authorWilly Tarreau <w@1wt.eu>
Fri, 1 Apr 2022 15:12:08 +0000 (17:12 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 1 Apr 2022 15:29:06 +0000 (17:29 +0200)
As reported in issue #1635, there's a subtle sign change when shifting
a uint8_t value to the left because integer promotion first turns any
smaller type to signed int *even if it was unsigned*. A warning was
reported about uint8_t shifted left 24 bits that couldn't fit in int
due to this.

It was verified that the emitted code didn't change, as expected, but
at least this allows to silence the code checkers. There's no need to
backport this.

src/hpack-huff.c

index fd445db2c7ab4c11041dd7fcf373d394a13e215e..9c63e28e839dedec89ef9c28bb79e509755375e0 100644 (file)
@@ -1446,7 +1446,10 @@ int huff_dec(const uint8_t *huff, int hlen, char *out, int olen)
                        next = 0;
 
                        if (huff + 4 <= huff_end) {
-                               next = (huff[0] << 24) + (huff[1] << 16) + (huff[2] <<  8) + huff[3];
+                               next =  ((uint32_t)huff[0] << 24) +
+                                       ((uint32_t)huff[1] << 16) +
+                                       ((uint32_t)huff[2] <<  8) +
+                                        (uint32_t)huff[3];
                                huff += 4;
                        }
                        else {
@@ -1454,10 +1457,10 @@ int huff_dec(const uint8_t *huff, int hlen, char *out, int olen)
                                 * distinguish shifted bits from a really inserted
                                 * EOS.
                                 */
-                               next =  (((huff + 0 < huff_end) ? huff[0] : 0x00) << 24) +
-                                       (((huff + 1 < huff_end) ? huff[1] : 0x00) << 16) +
-                                       (((huff + 2 < huff_end) ? huff[2] : 0x00) <<  8) +
-                                       ((huff + 3 < huff_end) ? huff[3] : 0x00);
+                               next =  (((huff + 0 < huff_end) ? (uint32_t)huff[0] : 0x00) << 24) +
+                                       (((huff + 1 < huff_end) ? (uint32_t)huff[1] : 0x00) << 16) +
+                                       (((huff + 2 < huff_end) ? (uint32_t)huff[2] : 0x00) <<  8) +
+                                        ((huff + 3 < huff_end) ? (uint32_t)huff[3] : 0x00);
                                huff = huff_end;
                        }