From: Milan Broz <gmazyland@gmail.com>
Date: Fri, 24 Apr 2026 18:58:41 +0000 (+0200)
Subject: Fix always false comparison in asn1/a_strex.c
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2072517dc030d6f655c0939ce588065cc96909cd;p=thirdparty%2Fopenssl.git

Fix always false comparison in asn1/a_strex.c

On 32bit platforms, some compilers like clang
produce this warning
   error: result of comparison 'unsigned long' > 4294967295
   is always false [-Werror,-Wtautological-type-limit-compare]
   70 |     if (c > 0xffffffffL)

Just compare it to UNICODE_MAX here.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Apr 28 16:01:04 2026
(Merged from https://github.com/openssl/openssl/pull/30962)
---

diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index d7bce4270f9..f36f5262211 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include "internal/cryptlib.h"
 #include "internal/sizes.h"
+#include "internal/unicode.h"
 #include "crypto/asn1.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@@ -67,7 +68,7 @@ static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
     unsigned char chtmp;
     char tmphex[HEX_SIZE(long) + 3];
 
-    if (c > 0xffffffffL)
+    if (c > UNICODE_MAX)
         return -1;
     if (c > 0xffff) {
         BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);