René Scharfe <l.s.r@xxxxxx> writes: > Sure, that's done. If any of the four characters is not a hexadecimal > digit then packet_length() returns a negative value, before and after > the change. Ah, it is the beauty of hexval[] table ;-) So as long as we are sure that we are not running beyond the end of the buffer, we are OK. And as I already said, I think "this change is safe for our two callers; those adding more callers in the future are better be very careful" is probably good enough for this one. hex.h:hex2chr() says "don't run over the end of short strings", but as far as I can see it does not check any such thing; find a page of memory, whose next page is unmapped, and pointing *s at the last byte of that page and calling it will happily run over the end and would cause SIGBUS. The function assumes that such a short string is always NUL terminated, which is not a great way to guarantee that we do not run over the end of strings.
