Date: Tue, 10 Mar 2020 18:26:46 -0700
From: Conrad Meyer <cem@freebsd.org>
To: Xin LI <delphij@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org>
Subject: Re: svn commit: r326052 - head/usr.bin/gzip
Message-ID: <CAG6CVpUGH_i%2B_kx0pBd_MAFLMT10SpYG427BtNRBhEX3PBygqQ@mail.gmail.com>
In-Reply-To: <201711210814.vAL8EUgM047088@repo.freebsd.org>
References: <201711210814.vAL8EUgM047088@repo.freebsd.org>
Hi Xin Li, Sorry to reply to an old commit. On Tue, Nov 21, 2017 at 12:14 AM Xin LI <delphij@freebsd.org> wrote: > > Author: delphij > Date: Tue Nov 21 08:14:30 2017 > New Revision: 326052 > URL: https://svnweb.freebsd.org/changeset/base/326052 > > Log: > Support SIGINFO. > ... > --- head/usr.bin/gzip/unpack.c Tue Nov 21 07:35:29 2017 (r326051) > +++ head/usr.bin/gzip/unpack.c Tue Nov 21 08:14:30 2017 (r326052) > ... > @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, size_t > ssize_t bytesread; /* Bytes read from the file */ > int i, j, thisbyte; > > + if (prelen > sizeof hdr) > + maybe_err("prelen too long"); This check should perhaps be >=, rather than >. > + > /* Prepend the header buffer if we already read some data */ > if (prelen != 0) > memcpy(hdr, pre, prelen); > @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, size_t > bytesread = read(in, hdr + prelen, PACK_HEADER_LENGTH - prelen); In the case where prelen == sizeof(hdr), we invoke read(, pointer past end of hdr, 0) above. This should have no effect, but looks unintended, and tickles Coverity (CID 1383554). > if (bytesread < 0) > maybe_err("Error reading pack header"); Best, Conrad
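Review bot: In the first unpack.c hunk the new guard bounds prelen with `sizeof hdr`, while the read() in the next hunk sizes its request as `PACK_HEADER_LENGTH - prelen`; use the same expression in both places so the guard visibly guarantees that the subtraction cannot underflow. As written with `>`, the guard also lets prelen equal the buffer size through, which leaves read() called with a zero length and a pointer one past the end of hdr; either reject that case in the guard or skip the read() when no header bytes remain to be fetched.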