Please explain OpenSSL CVE-2022-3786 'sizeof' change

Time:11-03

What is the difference between these two uses of the sizeof operator?

From here: https://github.com/openssl/openssl/commit/680e65b94c916af259bfdc2e25f1ab6e0c7a97d6?diff=split

unsigned int *pDecoded

...

memmove(pDecoded + i + 1, pDecoded + i, (written_out - i) * sizeof *pDecoded);
memmove(pDecoded + i + 1, pDecoded + i, (written_out - i) * sizeof (*pDecoded));

I think sizeof *pDecoded returns the size of a pointer to unsigned int, whereas sizeof (*pDecoded) returns the size of unsigned int.

CodePudding user response:

There is no difference; these expressions are equivalent.

#include <stdio.h>

int main(void)
{
    unsigned int *foo;

    printf("sizeof foo <%zu> | sizeof *foo <%zu> or <%zu>\n",
            sizeof foo, sizeof *foo, sizeof (*foo));
}

Output (on my machine):

sizeof foo <8> | sizeof *foo <4> or <4>

This looks like a style choice. The only other use of sizeof in the file also has superfluous parentheses:

char a_ulabel[LABEL_BUF_SIZE + 1];
size_t a_size = sizeof(a_ulabel);

The parentheses are only required when the operand is a type:

sizeof (int)

Otherwise, they are used to influence operator precedence.
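
An added example, not part of the original answer and not OpenSSL's code: it checks that the two spellings in the question give the same size, shows a case where parentheses do change the result through operator precedence, and uses the same memmove byte-count pattern in a bounded insert. The helper names, the capacity check and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Both spellings from the question name the same operand, the object *p.
 * sizeof does not evaluate its operand, so p is never dereferenced. */
int same_operand(void)
{
    unsigned int *p = NULL;
    return sizeof *p == sizeof (*p) && sizeof *p == sizeof(unsigned int);
}

/* Where parentheses do matter: sizeof binds tighter than '+'. */
size_t without_parens(char c) { return sizeof c + 1; }    /* (sizeof c) + 1 */
size_t with_parens(char c)    { return sizeof (c + 1); }  /* c + 1 has type int */

/* Hypothetical helper: insert v at index i of buf, which holds `used`
 * elements out of `cap`. Returns the new count, or 0 if it will not fit. */
size_t insert_at(unsigned int *buf, size_t used, size_t cap,
                 size_t i, unsigned int v)
{
    if (used >= cap || i > used)
        return 0;
    /* memmove takes bytes: elements to shift times the element size. */
    memmove(buf + i + 1, buf + i, (used - i) * sizeof *buf);
    buf[i] = v;
    return used + 1;
}

int main(void)
{
    unsigned int buf[4] = {10, 20, 30, 0};   /* constructed sample data */
    size_t n = insert_at(buf, 3, 4, 1, 15);

    printf("same operand: %d\n", same_operand());
    printf("sizeof c + 1 = %zu, sizeof (c + 1) = %zu\n",
           without_parens(0), with_parens(0));
    printf("after insert: n=%zu  %u %u %u %u\n", n, buf[0], buf[1], buf[2], buf[3]);
    printf("insert into full buffer returns %zu\n", insert_at(buf, n, 4, 0, 1));
    return 0;
}
```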
