Address outstanding comments from CL 10384140

This adds some clarifying comments, no code-changes here.

BUG=none
TEST=none


Review URL: https://chromiumcodereview.appspot.com/10406022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137695 0039d316-1c4b-4281-b951-d872f2087c98

base/base64.cc

-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -14,7 +14,9 @@ bool Base64Encode(const StringPiece& input, std::string* output) {
 
   // null terminates result since result is base64 text!
   int input_size = static_cast<int>(input.size());
-  int output_size= modp_b64_encode(&(temp[0]), input.data(), input_size);
+
+  // modp_b64_encode_len() returns at least 1, so temp[0] is safe to use.
+  int output_size = modp_b64_encode(&(temp[0]), input.data(), input_size);
   if (output_size < 0)
     return false;
 

remoting/host/me2me_preference_pane.mm

@@ -83,6 +83,8 @@ bool IsPinValid(const std::string& pin, const std::string& host_id,
   int hash_base64_size = static_cast<int>(hash_base64.size());
   std::string hash;
   hash.resize(modp_b64_decode_len(hash_base64_size));
+
+  // modp_b64_decode_len() returns at least 1, so hash[0] is safe here.
   int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(),
                                   hash_base64_size);
   if (hash_size < 0) {
@@ -99,6 +101,9 @@ bool IsPinValid(const std::string& pin, const std::string& host_id,
          pin.data(), pin.size(),
          &(computed_hash[0]));
 
+  // Normally, a constant-time comparison function would be used, but it is
+  // unnecessary here as the "secret" is already readable by the user
+  // supplying input to this routine.
   return computed_hash == hash;
 }