From 7718b244011661a5273121d1b545a18f1a5cd497 Mon Sep 17 00:00:00 2001
From: Aidan MacDonald
Date: Sun, 27 Mar 2022 00:08:28 +0000
Subject: buffering: fix signed overflow in next_handle_id()

Not sure what the comment is talking about - signed overflow is undefined behavior and we don't use -fwrapv or other flags to make it defined. I can't see how a compiler could abuse it here, but the overflow is nonetheless easily avoided.

Change-Id: Ibed6d7c0d841db2aa86b9d8ba4c6a0d08c413354
---
 apps/buffering.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'apps/buffering.c')

diff --git a/apps/buffering.c b/apps/buffering.c
index 3adbc4a6b9..f80d73a4a8 100644
--- a/apps/buffering.c
+++ b/apps/buffering.c
@@ -71,8 +71,6 @@
 /* amount of data to read in one read() call */
 #define BUFFERING_DEFAULT_FILECHUNK (1024*32)
 
-#define BUF_HANDLE_MASK 0x7FFFFFFF
-
 enum handle_flags
 {
 H_CANWRAP = 0x1, /* Handle data may wrap in buffer */
@@ -295,12 +293,11 @@ static int next_handle_id(void)
 {
 static int cur_handle_id = 0;
 
- /* Wrap signed int is safe and 0 doesn't happen */
- int next_hid = (cur_handle_id + 1) & BUF_HANDLE_MASK;
- if (next_hid == 0)
- next_hid = 1;
-
- cur_handle_id = next_hid;
+ int next_hid = cur_handle_id + 1;
+ if (next_hid == INT_MAX)
+ cur_handle_id = 0; /* next would overflow; reset the counter */
+ else
+ cur_handle_id = next_hid;
 
 return next_hid;
 }
-- 
cgit v1.2.3
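Review bot: With the old comment removed, next_handle_id() no longer states the contract its callers presumably depend on: the new body returns ids in 1..INT_MAX, never 0 or a negative value, and starts again at 1 once INT_MAX has been handed out. I would put that above the function, e.g. `/* Returns the next handle id in [1, INT_MAX]; never 0 or negative. Ids repeat after wrap-around. */`. Nothing in this hunk checks a recycled id against handles that are still live, so unless the caller does that, a stale id held elsewhere could refer to a newer handle after a wrap; worth confirming and noting in the same comment. The patch also starts using `INT_MAX` without adding `#include <limits.h>`, which is fine only if the header already arrives through an existing include that is not visible here.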