conflux: Move seq number operation after the bound check
authorDavid Goulet <dgoulet@torproject.org>
Mon, 23 Mar 2026 14:14:59 +0000 (10:14 -0400)
committerDavid Goulet <dgoulet@torproject.org>
Mon, 23 Mar 2026 14:14:59 +0000 (10:14 -0400)
In theory, this doesn't matter much because relative_seq can overflow and it
won't be used because of the check after.

But in terms of correctness, let's not access/use any fields that haven't passed
validation, to future-proof ourselves.

Signed-off-by: David Goulet <dgoulet@torproject.org>
src/core/or/conflux.c

index 10d19ba63fae9dada87299cb10f85c35ffea1944..87a74ffbd1d70792f9f4a488b72099078978d7f1 100644 (file)
@@ -504,9 +504,6 @@ conflux_decide_circ_for_send(conflux_t *cfx,
       tor_assert(cfx->prev_leg);
       tor_assert(cfx->curr_leg);
 
-      uint64_t relative_seq = cfx->prev_leg->last_seq_sent -
-                              cfx->curr_leg->last_seq_sent;
-
       if (cfx->curr_leg->last_seq_sent > cfx->prev_leg->last_seq_sent) {
         /* Having incoherent sequence numbers, log warn about it but rate limit
          * it to every hour so we avoid redundent report. */
@@ -521,6 +518,9 @@ conflux_decide_circ_for_send(conflux_t *cfx,
         return NULL;
       }
 
+      uint64_t relative_seq = cfx->prev_leg->last_seq_sent -
+                              cfx->curr_leg->last_seq_sent;
+
       /* On failure to send the SWITCH, we close everything. This means we have
        * a protocol error or the sending failed and the circuit is closed. */
       if (!conflux_send_switch_command(cfx->curr_leg->circ, relative_seq)) {
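Review bot: The relocated subtraction at the two added lines now relies on the preceding check having established `prev_leg->last_seq_sent >= curr_leg->last_seq_sent`, but nothing at that point says so, and a later edit that reorders the block again would silently reintroduce the unsigned wraparound this commit avoids. A short comment above the declaration would pin the invariant: `/* Only reached once prev_leg >= curr_leg has been verified above, so this unsigned subtraction cannot wrap; relative_seq goes on the wire in the SWITCH cell. */`. The check only rejects `curr > prev`, so equality yields `relative_seq == 0` and is still sent; whether a zero relative sequence number is meaningful to the receiver cannot be told from the hunk and may be worth confirming. The enclosing function conflux_decide_circ_for_send begins and ends outside this hunk.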