From 30aa0f84dbb274afdd95006ed18431e131654cac Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Thu, 8 Feb 2018 12:30:19 +0000
Subject: [PATCH] Make cs_varint_decode only return valid data

PUBLISHED_FROM=726d015857ed29cec877e5bc82041f75db3e02bf
---
 common/cs_varint.c | 9 ++++++---
 mjs.c              | 9 ++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/common/cs_varint.c b/common/cs_varint.c
index 7209955..ea572a2 100644
--- a/common/cs_varint.c
+++ b/common/cs_varint.c
@@ -32,7 +32,7 @@ size_t cs_varint_encode(uint64_t num, uint8_t *buf, size_t buf_size) {
 bool cs_varint_decode(const uint8_t *buf, size_t buf_size, uint64_t *num,
                       size_t *llen) {
   size_t i = 0, shift = 0;
-  *num = 0;
+  uint64_t n = 0;
 
   do {
     if (i == buf_size || i == (8 * sizeof(*num) / 7 + 1)) return false;
@@ -40,15 +40,18 @@ bool cs_varint_decode(const uint8_t *buf, size_t buf_size, uint64_t *num,
      * Each byte of varint contains 7 bits, in little endian order.
      * MSB is a continuation bit: it tells whether next byte is used.
      */
-    *num |= ((uint64_t)(buf[i] & 0x7f)) << shift;
+    n |= ((uint64_t)(buf[i] & 0x7f)) << shift;
     /*
      * First we increment i, then check whether it is within boundary and
      * whether decoded byte had continuation bit set.
      */
-    *llen = ++i;
+    i++;
     shift += 7;
   } while (shift < sizeof(uint64_t) * 8 && (buf[i - 1] & 0x80));
 
+  *num = n;
+  *llen = i;
+
   return true;
 }
 
diff --git a/mjs.c b/mjs.c
index e5adba3..a5124bc 100644
--- a/mjs.c
+++ b/mjs.c
@@ -4877,7 +4877,7 @@ size_t cs_varint_encode(uint64_t num, uint8_t *buf, size_t buf_size) {
 bool cs_varint_decode(const uint8_t *buf, size_t buf_size, uint64_t *num,
                       size_t *llen) {
   size_t i = 0, shift = 0;
-  *num = 0;
+  uint64_t n = 0;
 
   do {
     if (i == buf_size || i == (8 * sizeof(*num) / 7 + 1)) return false;
@@ -4885,15 +4885,18 @@ bool cs_varint_decode(const uint8_t *buf, size_t buf_size, uint64_t *num,
      * Each byte of varint contains 7 bits, in little endian order.
      * MSB is a continuation bit: it tells whether next byte is used.
      */
-    *num |= ((uint64_t)(buf[i] & 0x7f)) << shift;
+    n |= ((uint64_t)(buf[i] & 0x7f)) << shift;
     /*
      * First we increment i, then check whether it is within boundary and
      * whether decoded byte had continuation bit set.
      */
-    *llen = ++i;
+    i++;
     shift += 7;
   } while (shift < sizeof(uint64_t) * 8 && (buf[i - 1] & 0x80));
 
+  *num = n;
+  *llen = i;
+
   return true;
 }