author | Vadim Bendebury <vbendeb@chromium.org> | 2016-07-07 10:52:46 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-07-13 23:58:32 +0200 |
commit | bc927107a062ca791ffb4a4f593049a7219b5a07 (patch) | |
tree | 31d7196e9dc33539ddfeb3fc770ba711c49a747a /src/lib/tpm2_marshaling.h | |
parent | 03e4472e179c51a43498533b90a49234e15a335b (diff) |
tpm2: avoid comparison between signed and unsigned ints

The marshaling/unmarshaling code is using integer values to represent
room left in the buffer, to be able to communicate three conditions:
positive number means there is room left in the buffer, zero means
that the exact amount of data in the buffer was unmarshaled and
negative value means that the result of the operation did not fit into
the buffer.

The implementation is wrong though, as it compares directly signed and
unsigned values, which is illegal, as signed values get promoted to
unsigned by the compiler.

This patch changes the marshaling code to use size_t for the size, and
use zero as marshaling failure indication - after all the buffer where
the data is marshaled to should definitely be large enough, and it is
reasonable to expect at least some room left in it after marshaling.

The unmarshaling situation is different: we sure want to communicate
errors to the caller, but do not want to propagate error return values
through multiple layers. This patch keeps the size value in int, but
checks if it is negative separately, before comparing with positive
values.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied kevin successfully boots up.

Change-Id: Ibfbd1b351e35e37c8925a78d095e4e8492805bad
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: b1e862c2a650fa5f6cb25a01fe61e848a696cf17
Original-Change-Id: Ie7552b333afaff9a1234c948caf9d9a64447b2e1
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358772
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/15610
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
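
The comparison pitfall the commit message describes, and the "check the sign first" pattern it adopts for unmarshaling, shown as an added example that is not part of the commit or of coreboot. The names `fits_flawed`, `fits_checked` and `unmarshal_u16` are hypothetical, the response bytes are constructed, and the example assumes `size_t` is at least as wide as `int`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* room_left convention from the commit message:
 * > 0 room left, 0 exact fit, < 0 an earlier step did not fit. */

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsign-compare" /* the warning that flags this */
/* Flawed: room_left is converted to size_t, so -1 compares as SIZE_MAX. */
static int fits_flawed(int room_left, size_t need)
{
	return !(room_left < need);
}
#pragma GCC diagnostic pop

/* Checked: test the sign first, then compare as unsigned. */
static int fits_checked(int room_left, size_t need)
{
	return room_left >= 0 && (size_t)room_left >= need;
}

/* Hypothetical big-endian uint16_t unmarshaler: on failure it sets *size
 * to -1 and returns 0, so the error survives later calls unchanged. */
static uint16_t unmarshal_u16(const uint8_t **buf, int *size)
{
	uint16_t v;

	if (!fits_checked(*size, sizeof(v))) {
		*size = -1;
		return 0;
	}
	v = (uint16_t)(((*buf)[0] << 8) | (*buf)[1]);
	*buf += sizeof(v);
	*size -= (int)sizeof(v);
	return v;
}

int main(void)
{
	const uint8_t resp[] = { 0x80, 0x01, 0xff }; /* constructed, 3 bytes */
	const uint8_t *p = resp;
	int size = (int)sizeof(resp);
	unsigned first = unmarshal_u16(&p, &size);  /* fits: 2 of 3 bytes */
	unsigned second = unmarshal_u16(&p, &size); /* 1 byte left: fails */

	printf("flawed(-1,4)=%d checked(-1,4)=%d\n",
	       fits_flawed(-1, 4), fits_checked(-1, 4));
	printf("first=0x%04x second=0x%04x size=%d\n", first, second, size);
	return 0;
}
```

Building with `-Wsign-compare` and without the pragma makes the compiler report the flawed comparison.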
Diffstat (limited to 'src/lib/tpm2_marshaling.h')
-rw-r--r-- | src/lib/tpm2_marshaling.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tpm2_marshaling.h b/src/lib/tpm2_marshaling.h index 69a345d731..e177d0609a 100644 --- a/src/lib/tpm2_marshaling.h +++ b/src/lib/tpm2_marshaling.h @@ -25,7 +25,7 @@ * */ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, - void *buffer, int buffer_size); + void *buffer, size_t buffer_size); /** * tpm_unmarshal_response @@ -44,6 +44,6 @@ int tpm_marshal_command(TPM_CC command, void *tpm_command_body, */ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, void *response_body, - int response_size); + size_t response_size); #endif // __SRC_LIB_TPM2_MARSHALING_H |
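Review bot: in the first hunk (`tpm_marshal_command`), `buffer_size` becomes `size_t` but the return type stays `int`, so a caller that compares the returned value against `buffer_size` is back to a mixed signed/unsigned comparison. The commit message says zero now indicates a marshaling failure; that convention should be written into the comment block above this prototype, and returning `size_t` would keep the size and the result in one type.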
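Review bot: in the second hunk (`tpm_unmarshal_response`), `response_size` is now `size_t`, so a caller holding a signed length or a negative error code will have it silently converted to a very large size at the call. The comment above the prototype should say that callers must reject negative values before calling. The commit message also says the unmarshaling code keeps its size in `int`, so the `size_t` to `int` narrowing inside the implementation needs an explicit range check.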