Date: Sat, 21 Aug 2004 13:19:44 +0400 (MSD) From: Maxim Konovalov <maxim@macomnet.ru> To: Skip Ford <skip.ford@verizon.net> Cc: Ted Unangst <tedu@coverity.com> Subject: Re: off by one bounds Message-ID: <20040821131924.U34847@mp2.macomnet.net> In-Reply-To: <20040821090001.GB593@lucy.pool-70-17-33-167.pskn.east.verizon.net> References: <412652AA.5020308@coverity.com> <20040821120624.I34489@mp2.macomnet.net> <20040821090001.GB593@lucy.pool-70-17-33-167.pskn.east.verizon.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > Maxim Konovalov wrote: > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > >> errors in freebsd 4.10 found by Coverity's analysis. > > > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 > > > > If i == sizeof then mtutab[i] == 0 > > If "i == sizeof" then mtutab[i] is out of bounds, off by one. > There is no mtutab[sizeof mtutab / sizeof mtutab[0]]. > > This isn't specific to RELENG_4 Ah, yes, sorry. -- Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040821131924.U34847>