src: replace unreachable code with static_assert

This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: #46209 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
nodejs · Jan 31, 2023 · 94605b1 · 94605b1
1 parent 3e70b7d
commit 94605b1
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
@@ -479,12 +479,8 @@ std::shared_ptr<KeyObjectData> ImportJWKSecretKey(
     return std::shared_ptr<KeyObjectData>();
   }
 
+  static_assert(String::kMaxLength <= INT_MAX);
   ByteSource key_data = ByteSource::FromEncodedString(env, key.As<String>());
-  if (key_data.size() > INT_MAX) {
-    THROW_ERR_CRYPTO_INVALID_KEYLEN(env);
-    return std::shared_ptr<KeyObjectData>();
-  }
-
   return KeyObjectData::CreateSecret(std::move(key_data));
 }