lib: path-util: Made assertions in path_normalize() more reliable and less confusing...
authorStephan Bosch <stephan.bosch@dovecot.fi>
Sat, 18 Nov 2017 18:06:55 +0000 (19:06 +0100)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Sat, 18 Nov 2017 18:51:43 +0000 (20:51 +0200)
src/lib/path-util.c

index 5f25832b62e5699d0cb5586fe2ddd4b5838b2fb5..ac192b27695944ae09dab49c44d1e353c73dd21b 100644 (file)
@@ -89,7 +89,8 @@ static int path_normalize(const char *path, bool resolve_links,
                } else {
                        /* make sure npath now ends in slash */
                        if (*(npath_pos-1) != '/') {
-                               i_assert(npath_pos + 1 < npath + asize);
+                               i_assert(npath_pos >= npath);
+                               i_assert((size_t)((npath_pos - npath) + 1) < asize);
                                *(npath_pos++) = '/';
                        }
 
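Review bot: The new `i_assert(npath_pos >= npath)` placed inside `if (*(npath_pos-1) != '/')` is both too weak and too late for that read: `npath_pos-1` has already been dereferenced by the time it runs, and that read is only valid when npath_pos is strictly greater than npath. If the code before this hunk guarantees a non-empty npath on this path (likely, but path_normalize() starts outside the hunk), the stronger relation should be asserted before the `if`, as `i_assert(npath_pos > npath);`, after which the inner check reduces to `i_assert((size_t)(npath_pos - npath) + 1 < asize);`. Since the commit message does not say why the pointer comparisons were replaced, one comment at this first occurrence would spare later readers the derivation: `/* compare offsets, not pointers: npath_pos + len may lie past the end of npath, and forming such a pointer is undefined even if never dereferenced */`.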
@@ -102,7 +103,8 @@ static int path_normalize(const char *path, bool resolve_links,
                        }
 
                        /* copy segment to normalized path */
-                       i_assert((npath_pos + seglen) < (npath + asize));
+                       i_assert(npath_pos >= npath);
+                       i_assert((size_t)((npath_pos - npath) + seglen) < asize);
                        memmove(npath_pos, p, seglen);
                        npath_pos += seglen;
                }
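Review bot: The pair `i_assert(npath_pos >= npath); i_assert((size_t)((npath_pos - npath) + seglen) < asize);` before the `memmove` is now spelled out, with only the length changed, here, at the `ltlen` memmove that preserves the tail, at the `npath_pos + 1 + tlen` check in the tail memcpy, and at the final check after the loop. A small `static inline` helper taking the base, the position, the length and the capacity would make the five sites one line each and keep the "offset, not pointer" reasoning in a single place with its comment. The helper would be defined near the top of src/lib/path-util.c, outside this hunk; the fence shows it and the one call that replaces the two assertions here. path_normalize() itself starts and ends outside the hunk.
```c
/* Assert that pos lies inside npath and that len bytes plus a terminator
   fit at pos. Works in offsets so no pointer past npath + asize is formed. */
static inline void
npath_assert_fits(const char *npath, const char *pos, size_t len, size_t asize)
{
	i_assert(pos >= npath);
	i_assert((size_t)(pos - npath) + len < asize);
}

/* … in path_normalize(), before the memmove that copies the segment … */
			npath_assert_fits(npath, npath_pos, seglen, asize);
```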
@@ -146,6 +148,8 @@ static int path_normalize(const char *path, bool resolve_links,
 
                                if (ltlen > 0) {
                                        /* preserve tail just after end of npath */
+                                       i_assert(npath_pos >= npath);
+                                       i_assert((size_t)((npath_pos + 1 - npath) + ltlen) < asize);
                                        memmove(npath_pos + 1, segend, ltlen);
                                }
 
@@ -153,7 +157,8 @@ static int path_normalize(const char *path, bool resolve_links,
                                for (;;) {
                                        npath_link = (npath_pos + 1) + ltlen;
 
-                                       i_assert(npath_link + lsize < npath + asize);
+                                       i_assert(npath_link >= npath_pos);
+                                       i_assert((size_t)((npath_link - npath) + lsize) < asize);
 
                                        /* attempt to read the link */
                                        if ((ret=readlink(npath, npath_link, lsize)) < 0) {
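Review bot: `i_assert(npath_link >= npath_pos)` before the readlink() call is the odd one out in this commit: every other hunk asserts the position is `>= npath`, and that is the relation the next line's `npath_link - npath` actually needs, whereas `npath_link >= npath_pos` follows trivially from the `npath_link = (npath_pos + 1) + ltlen` assignment two lines above. Suggest `i_assert(npath_pos >= npath);` in its place. The strict `<` on the size check leaves one byte after the `lsize` bytes readlink() may write, which the later `*(npath_link+ret+tlen) = '\0'` relies on because readlink() does not NUL-terminate; a comment stating that would save the next reader the derivation, `/* readlink() does not NUL-terminate; keep one byte past lsize for the terminator */`. The `for (;;)` body continues outside the hunk.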
@@ -190,11 +195,14 @@ static int path_normalize(const char *path, bool resolve_links,
                                }
 
                                /* add tail of previous path at end of symlink */
+                               i_assert(npath_link >= npath);
                                if (ltlen > 0) {
-                                       i_assert(npath_pos + 1 + tlen < npath + asize);
+                                       i_assert(npath_pos >= npath);
+                                       i_assert((size_t)((npath_pos - npath) + 1 + tlen) < asize);
+                                       i_assert((size_t)((npath_link - npath) + ret + tlen) < asize);
                                        memcpy(npath_link + ret, npath_pos + 1, tlen);
                                } else {
-                                       i_assert(segend + tlen < npath + asize);
+                                       i_assert((size_t)((npath_link - npath) + ret + tlen) < asize);
                                        memcpy(npath_link + ret, segend, tlen);
                                }
                                *(npath_link+ret+tlen) = '\0';
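Review bot: The assertion `i_assert((size_t)((npath_link - npath) + ret + tlen) < asize);` is written identically in both branches of `if (ltlen > 0)`; it guards the terminator store `*(npath_link+ret+tlen) = '\0'` after the if as much as either memcpy, so it belongs once, directly after the new `i_assert(npath_link >= npath)` above the if. The branch-specific checks, the `npath_pos + 1 + tlen` source range in the first branch, stay where they are. The cast mixes the signed readlink() result `ret` with unsigned arithmetic; it is safe only because the `< 0` return path ran inside the loop above, which is outside this hunk, so a one-line comment would make that visible: `/* ret >= 0: the readlink() error path returned inside the loop above */`.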
@@ -225,7 +233,8 @@ static int path_normalize(const char *path, bool resolve_links,
                p = segend;
        }
 
-       i_assert(npath_pos < npath + asize);
+       i_assert(npath_pos >= npath);
+       i_assert((size_t)(npath_pos - npath) < asize);
 
        /* remove any trailing slash */
        if (npath_pos > npath + 1 && *(npath_pos-1) == '/')
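Review bot: The trailing-slash test on the last line still uses the pointer form `npath_pos > npath + 1` that the rest of the commit replaces with offsets; `npath + 1` is a valid pointer whenever asize is at least 2, so this is consistency rather than correctness, but `(size_t)(npath_pos - npath) > 1` would read the same way as the two assertions just above it. The final `(size_t)(npath_pos - npath) < asize` presumably guards a terminating-NUL store that follows outside the hunk; naming that in a comment, `/* room for the terminating NUL */`, would tie the check to the write it protects.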