René Scharfe <l.s.r@xxxxxx> writes:

>> I do like the resulting code, but I feel a bit uneasy to sell this
>> change as "the code becomes more streamlined without losing safety".
>> It looks more like "this change is safe for our two callers; those
>> adding more callers in the future had better be very careful", no?
>
> With no way to enforce passing an array of a certain size to a function
> the only safe options I see are keeping the length check, using a macro
> or inlining the calculation.

Hmm.  We keep repeating "length check" because that is what the
comment in the function says, but even if the caller has 4 bytes, that
4-byte substring at the beginning is what it read from the untrusted
side over the network.  We should be checking if we have a 4-digit
hexadecimal length even if we are not running beyond the end of the
buffer, no?

So it may be that the comment needs to be fixed more than the code.

Thanks.
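To illustrate the distinction the message draws between "the buffer is at least 4 bytes" and "those 4 bytes are a valid hexadecimal length", here is an added example written for this page; it is not code from the project or from either author, and the function names `hex_value` and `parse_hex_length` are hypothetical. It checks both conditions and rejects input that passes the size check but fails the content check.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not the project's code): decode one hex digit,
 * returning -1 for any byte that is not in [0-9a-fA-F]. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a 4-character hexadecimal length prefix read from an untrusted
 * peer. 'len' is the number of bytes actually available in 'buf'.
 * Returns the decoded length (0..65535), or -1 if fewer than 4 bytes
 * are available OR any of those 4 bytes is not a hex digit. The first
 * check keeps us inside the buffer; the second validates what the
 * network sent, which the size check alone says nothing about. */
int parse_hex_length(const char *buf, size_t len)
{
    int value = 0;
    if (len < 4)
        return -1;            /* not enough bytes to hold a length */
    for (size_t i = 0; i < 4; i++) {
        int d = hex_value((unsigned char)buf[i]);
        if (d < 0)
            return -1;        /* 4 bytes present, but not a hex length */
        value = (value << 4) | d;
    }
    return value;
}

int main(void)
{
    /* Constructed sample inputs: one valid prefix, one that fits in 4
     * bytes but is not hexadecimal, and one that is simply too short. */
    const char good[]  = "0008";
    const char bogus[] = "00g8";
    const char tiny[]  = "008";
    printf("good:  %d\n", parse_hex_length(good, sizeof(good) - 1));   /* 8 */
    printf("bogus: %d\n", parse_hex_length(bogus, sizeof(bogus) - 1)); /* -1 */
    printf("tiny:  %d\n", parse_hex_length(tiny, sizeof(tiny) - 1));   /* -1 */
    return 0;
}
```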