Don't use assert() for an overflow check

assert() can be removed so let's not rely on that to detect the possible overflow. Signed-off-by: David Goulet <dgoulet@riseup.net>

Don't use assert() for an overflow check
2d77a432 · David Goulet · 619b7e46 · 2d77a432
Commit 2d77a432 authored 8 years ago by David Goulet
--- a/src/trees-ostream.c
+++ b/src/trees-ostream.c
@@ -20,7 +20,6 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-#include <assert.h>
 #include <arpa/inet.h>
 #include <string.h>

@@ -84,11 +83,15 @@ trees_ostream_send_chunk(struct trees_ostream *sstream,
                         const unsigned char *chunk, size_t chunk_size)
 {
  ssize_t ret;
-  /* Extra protection here against overflow. Maybe too agressive! */
-  assert(chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES));
  size_t ciphertext_len = crypto_box_SEALBYTES + chunk_size;
  unsigned char ciphertext[ciphertext_len];

+  /* Extra protection here against overflow. */
+  if (chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES)) {
+    sstream->ostream.ostream.stream_errno = EIO;
+    goto err;
+  }
+
  sodium_memzero(ciphertext, sizeof(ciphertext));
  ret = crypto_box_seal(ciphertext, chunk, chunk_size,
                        sstream->public_key);