Lab Exercise incorrect conversion

This is a lab exercise on developing secure software. For more information, see the introduction to the labs.

Task

Please change the code below to avoid unintended type conversions.

Background

In this exercise, we'll identify and correct an unintended type conversion (aka an unintended type cast).

In the example below, in the C programming language, we're processing messages stored in a queue. We retrieve the messages with a call to a function called get_queue. We pass the get_queue function one argument by reference, an array in which messages can be stored, and it returns the number of messages which were written into the array. We then iterate over the messages we've retrieved, and process them by calling process_message.

Unfortunately, because of a mismatch in the type we use for queue_count and the return type of get_queue, it's possible that we'll try to process the wrong number of messages. Processing too few messages is bad, because it means we're losing information, and attempting to process too many can lead to errors if we treat uninitialized memory in the messages array as data, or possibly a segmentation fault if we attempt to read beyond the end of the array.
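
The following is an added example, not part of the lab's own code, that shows both failure modes when the unsigned int count is stored in a 16-bit short, and goes one step further than the lab by also checking the count against the array's capacity. The value of MAX_MESSAGE_COUNT, the sample counts, and both helper functions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed capacity of the messages array; the lab does not give a value. */
#define MAX_MESSAGE_COUNT 100000u

/* The arithmetic below assumes a 16-bit short and a 32-bit unsigned int. */
_Static_assert(sizeof(short) == 2 && sizeof(unsigned int) == 4, "type sizes");

/* Hypothetical helper: the loop bound that `i < queue_count` really uses when
 * queue_count is a short. The out-of-range conversion is implementation-defined
 * (GCC and Clang wrap modulo 2^16); in the comparison against an unsigned i the
 * short is then converted back to unsigned int. */
unsigned int loop_bound_via_short(unsigned int returned)
{
    short queue_count = (short)returned;
    return (unsigned int)queue_count;
}

/* Hypothetical helper: keep the count in get_queue's own return type and
 * reject values larger than the array can hold before using it as a bound. */
bool checked_count(unsigned int returned, unsigned int *count)
{
    if (returned > MAX_MESSAGE_COUNT)
        return false;
    *count = returned;
    return true;
}

int main(void)
{
    /* Constructed sample return values, not output of a real get_queue. */
    const unsigned int samples[] = { 12u, 40000u, 70000u, 200000u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned int count = 0;
        bool ok = checked_count(samples[i], &count);
        printf("returned=%u  via short=%u  checked=%s\n", samples[i],
               loop_bound_via_short(samples[i]), ok ? "accepted" : "rejected");
    }
    return 0;
}
```

A returned count of 70000 becomes a bound of 4464 (too few messages processed), while 40000 becomes a negative short that turns into a bound of roughly four billion once compared with the unsigned loop index (reads far past the end of the array).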

Task Information

Change the code below to avoid unintentional conversions or truncations of the return value of get_queue. Use the “hint” and “give up” buttons if necessary.

Interactive Lab (to be completed)


/* The function signature of get_queue */
unsigned int get_queue(message** messages);

/* The part of our code which processes messages... */

message* messages = malloc(sizeof(message) * MAX_MESSAGE_COUNT);

/* Process each message in order */
for (unsigned int i = 0; i < queue_count; i++) {
	process_message(messages[i]);
}


This lab was developed by Keith Grant