From 61d36330b422237b6be9581cdbade07782ab61a8 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 27 Sep 2017 02:00:28 -0400 Subject: prefer "!=" when checking read_in_full() result Comparing the result of read_in_full() using less-than is potentially dangerous, as a negative return value may be converted to an unsigned type and be considered a success. This is discussed further in 561598cfcf (read_pack_header: handle signed/unsigned comparison in read result, 2017-09-13). Each of these instances is actually fine in practice: - in get-tar-commit-id, the HEADERSIZE macro expands to a signed integer. If it were switched to an unsigned type (e.g., a size_t), then it would be a bug. - the other two callers check for a short read only after handling a negative return separately. This is a fine practice, but we'd prefer to model "!=" as a general rule. So all of these cases can be considered cleanups and not actual bugfixes. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- csum-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'csum-file.c') diff --git a/csum-file.c b/csum-file.c index a172199e44..2adae04073 100644 --- a/csum-file.c +++ b/csum-file.c @@ -19,7 +19,7 @@ static void flush(struct sha1file *f, const void *buf, unsigned int count) if (ret < 0) die_errno("%s: sha1 file read error", f->name); - if (ret < count) + if (ret != count) die("%s: sha1 file truncated", f->name); if (memcmp(buf, check_buffer, count)) die("sha1 file '%s' validation error", f->name); -- cgit v1.2.3