doh: fix undefined behaviour and open up for gcc and clang optimization

The undefined behaviour is annoying when running fuzzing with sanitizers. The codegen is the same, but the meaning is now not up for dispute. See https://cppinsights.io/s/516a2ff4 By incrementing the pointer first, both gcc and clang recognize this as a bswap and optimizes it to a single instruction. See https://godbolt.org/z/994Zpx Closes #4350
curl · Sep 13, 2019 · dda418266c99ceab368d723facb52069cbb9c8d5 · dda4182
1 parent b766602
commit dda418266c99ceab368d723facb52069cbb9c8d5
Unified Split

Showing with 8 additions and 2 deletions.

+8 −2 lib/doh.c
diff --git a/lib/doh.c b/lib/doh.c
@@ -432,8 +432,14 @@ static unsigned short get16bit(unsigned char *doh, int index)
 
 static unsigned int get32bit(unsigned char *doh, int index)
 {
-  return (doh[index] << 24) | (doh[index + 1] << 16) |
-    (doh[index + 2] << 8) | doh[index + 3];
+   /* make clang and gcc optimize this to bswap by incrementing
+      the pointer first. */
+   doh += index;
+
+   /* avoid undefined behaviour by casting to unsigned before shifting
+      24 bits, possibly into the sign bit. codegen is same, but
+      ub sanitizer won't be upset */
+  return ( (unsigned)doh[0] << 24) | (doh[1] << 16) |(doh[2] << 8) | doh[3];
 }
 
 static DOHcode store_a(unsigned char *doh, int index, struct dohentry *d)