Dear Ventoy community –
Our team is working with your code and we noticed this if logical expression:
if (len - 1 - (int)(long)(pos - pwdstr) != 32)
We studied the surrounding code. We believe we understand the intention of the type casts in the above if statement. It seems they were meant to ensure an underflow doesn’t occur by the subtraction between to char pointers, which is a great catch (!). However, we believe the way the type casts are structured, the code is not actually protecting against such underflow because pwdstr isn’t cast into a signed long until after the subtraction occurs. To properly protect this code against underflow, we believe it should be changed to something like the following:
if (len - 1 - ((long)pos – (long)pwdstr) != 32)
Or, to enhance readability for junior engineers who may not know that the “long” type cast is implicitly of a signed integer type, we could include the `signed` keyword for added verbosity:
if (len - 1 - ((signed long)pos – (signed long)pwdstr) != 32)
Thank you!
Hotkey m is for calculate checksum and print the result.
If also exist a .md5/.sha1/.sha256/.sha512 file, then it will check the result with the value in the file.
The .md5/.sha1/.sha256/.sha512 suffix is appended to the original file name not replace the original suffix.
For example:
/ISO/Ubuntu-20.04-amd64-desktop.iso
/ISO/Ubuntu-20.04-amd64-desktop.iso.md5
Still, Ventoy is used in some non standard way. (e.g. WuYouBBS)
I have explained in
8bbd5a14a3
So I add an extra check.
This is also a prepare for the future Ventoy secure boot policy.