amazon-ion / ion-c

A C implementation of Amazon Ion.
https://amazon-ion.github.io/ion-docs/
Apache License 2.0

Fix unsigned comparison which could fail due to numeric overflow #352

Closed nirosys closed 2 weeks ago

nirosys commented 2 weeks ago

Issue #, if available: Code Scanning 6

Description of changes: This PR addresses a comparison that was highlighted by gh code scanning. The original code contained:

stream->size() - end_index > 0

Where both stream->size() and end_index are of type size_t, which is unsigned. If end_index is larger than stream->size(), the result will be a positive value, due to numeric overflow. If this were to happen, stream->at(end_index++) would throw an exception, if exceptions are enabled, or abort the process if not.

This PR re-words the comparison to highlight that we expect end_index to be less than the stream's size, and lessen the chance of overflow potential if the condition were to change later.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
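The comparison described in the PR description above, as an added example that is not code from the PR or from ion-c: `has_more_wrapping`, `has_more_safe` and `consume_rest` are hypothetical names, and the loop is an assumed shape for a reader that calls `at(end_index++)`. It shows that the subtraction form is really a `size != end_index` test, so it stays true once the index is past the end.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Original form: both operands are size_t, so the subtraction wraps modulo
// 2^N. The result is > 0 whenever size != end_index, including past the end.
bool has_more_wrapping(std::size_t size, std::size_t end_index) {
    return size - end_index > 0;
}

// Reworded form: states the expected bound directly and cannot wrap.
bool has_more_safe(std::size_t size, std::size_t end_index) {
    return end_index < size;
}

enum class Outcome { Consumed, OutOfRange };
struct Result { Outcome outcome; std::size_t consumed; };

// Hypothetical reader loop (not ion-c code): walks the stream from end_index
// using the supplied bounds check and bounds-checked at() access.
Result consume_rest(const std::vector<unsigned char>& stream,
                    std::size_t end_index,
                    bool (*has_more)(std::size_t, std::size_t)) {
    std::size_t consumed = 0;
    try {
        while (has_more(stream.size(), end_index)) {
            (void)stream.at(end_index++);  // throws std::out_of_range past the end
            ++consumed;
        }
    } catch (const std::out_of_range&) {
        return {Outcome::OutOfRange, consumed};
    }
    return {Outcome::Consumed, consumed};
}

int main() {
    const std::vector<unsigned char> stream = {'a', 'b', 'c', 'd'};  // constructed input
    const std::size_t starts[] = {2, 4, 5};  // in range, at end, past end
    for (std::size_t start : starts) {
        Result w = consume_rest(stream, start, has_more_wrapping);
        Result s = consume_rest(stream, start, has_more_safe);
        std::printf("start=%zu wrapping: %s (%zu)  safe: %s (%zu)\n", start,
                    w.outcome == Outcome::OutOfRange ? "out_of_range" : "ok", w.consumed,
                    s.outcome == Outcome::OutOfRange ? "out_of_range" : "ok", s.consumed);
    }
    return 0;
}
```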

nirosys commented 2 weeks ago

Need to update GHA for uploading ion-test-driver results, and MacOS tests (gcc 11 was removed from all MacOS images in August).

nirosys commented 2 weeks ago

MacOS build addressed with #353.

nirosys commented 2 weeks ago

ion-test-driver failures addressed in #354

nirosys commented 2 weeks ago

Thank you @tgregg ! :)