fix(core/bootloader): explicit casts on version compare to control signed/unsigned arithmetic mix
parent
02f34a2748
commit
6658ad84d1
@ -432,18 +432,23 @@ static bool _read_payload(pb_istream_t *stream, const pb_field_t *field,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int version_compare(uint32_t vera, uint32_t verb) {
|
static int version_compare(uint32_t vera, uint32_t verb) {
|
||||||
|
/* Explicit casts so that we control how compiler does the unsigned shift
|
||||||
|
* and correctly then promote uint8_t to int without possibility of
|
||||||
|
* having implementation-defined right shift on negative int
|
||||||
|
* in case compiler promoted the wrong unsinged int
|
||||||
|
*/
|
||||||
int a, b;
|
int a, b;
|
||||||
a = vera & 0xFF;
|
a = (uint8_t)vera & 0xFF;
|
||||||
b = verb & 0xFF;
|
b = (uint8_t)verb & 0xFF;
|
||||||
if (a != b) return a - b;
|
if (a != b) return a - b;
|
||||||
a = (vera >> 8) & 0xFF;
|
a = (uint8_t)(vera >> 8) & 0xFF;
|
||||||
b = (verb >> 8) & 0xFF;
|
b = (uint8_t)(verb >> 8) & 0xFF;
|
||||||
if (a != b) return a - b;
|
if (a != b) return a - b;
|
||||||
a = (vera >> 16) & 0xFF;
|
a = (uint8_t)(vera >> 16) & 0xFF;
|
||||||
b = (verb >> 16) & 0xFF;
|
b = (uint8_t)(verb >> 16) & 0xFF;
|
||||||
if (a != b) return a - b;
|
if (a != b) return a - b;
|
||||||
a = (vera >> 24) & 0xFF;
|
a = (uint8_t)(vera >> 24) & 0xFF;
|
||||||
b = (verb >> 24) & 0xFF;
|
b = (uint8_t)(verb >> 24) & 0xFF;
|
||||||
return a - b;
|
return a - b;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
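Review bot: The comment added above `int a, b;` justifies the casts by a right shift on a negative int, but `vera` and `verb` are `uint32_t`, so `vera >> 8` never operates on a negative value and the previous expressions look already well-defined; as written (and with "unsinged" misspelled) it would mislead a later reader about what the casts protect against. With the `(uint8_t)` cast in place the trailing `& 0xFF` is a no-op, and because the cast binds tighter than `&` the line is easy to misread; `a = (uint8_t)(vera >> 8);` says the same thing. What the function needs documented instead is its contract, for example `/* Compares byte by byte, lowest byte first (it is the most significant field); returns <0, 0 or >0. */`. If this result gates a version or downgrade check elsewhere in the bootloader (not visible in this hunk), that byte ordering is the part a reviewer has to be able to verify from the comment.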