arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 21:08:07 +00:00
Code Issues Releases Wiki Activity

fix(core/bootloader): explicit casts on version compare to control signed/unsigned arithmetic mix

Browse Source
This commit is contained in:
Ondrej Mikle 2023-10-27 15:02:20 +02:00 committed by matejcik
parent 02f34a2748
commit 6658ad84d1
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
core/embed/bootloader/messages.c
View File

@ -432,18 +432,23 @@ static bool _read_payload(pb_istream_t *stream, const pb_field_t *field,
}
static int version_compare(uint32_t vera, uint32_t verb) {
/* Explicit casts so that we control how compiler does the unsigned shift
* and correctly then promote uint8_t to int without possibility of
* having implementation-defined right shift on negative int
* in case compiler promoted the wrong unsinged int
*/
int a, b;
a = vera & 0xFF;
b = verb & 0xFF;
a = (uint8_t)vera & 0xFF;
b = (uint8_t)verb & 0xFF;
if (a != b) return a - b;
a = (vera >> 8) & 0xFF;
b = (verb >> 8) & 0xFF;
a = (uint8_t)(vera >> 8) & 0xFF;
b = (uint8_t)(verb >> 8) & 0xFF;
if (a != b) return a - b;
a = (vera >> 16) & 0xFF;
b = (verb >> 16) & 0xFF;
a = (uint8_t)(vera >> 16) & 0xFF;
b = (uint8_t)(verb >> 16) & 0xFF;
if (a != b) return a - b;
a = (vera >> 24) & 0xFF;
b = (verb >> 24) & 0xFF;
a = (uint8_t)(vera >> 24) & 0xFF;
b = (uint8_t)(verb >> 24) & 0xFF;
return a - b;
}