From owner-svn-src-head@freebsd.org Thu Sep 26 13:27:26 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 911521271B8; Thu, 26 Sep 2019 13:27:26 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46fG1p3K2Bz4Fsg; Thu, 26 Sep 2019 13:27:26 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5532DC87; Thu, 26 Sep 2019 13:27:26 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x8QDRQjJ074394; Thu, 26 Sep 2019 13:27:26 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x8QDRQqM074393; Thu, 26 Sep 2019 13:27:26 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201909261327.x8QDRQqM074393@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Thu, 26 Sep 2019 13:27:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r352742 - head/usr.bin/bsdiff/bspatch X-SVN-Group: head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: head/usr.bin/bsdiff/bspatch X-SVN-Commit-Revision: 352742 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Sep 2019 13:27:26 -0000 Author: emaste Date: Thu Sep 26 13:27:25 2019 New Revision: 352742 URL: https://svnweb.freebsd.org/changeset/base/352742 Log: bspatch: add integer overflow checks Introduce a new add_off_t static function that exits with an error message if there's an overflow, otherwise returns their sum. Use this when adding values obtained from the input patch. Reviewed by: delphij, allanjude (earlier) MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D7897 Modified: head/usr.bin/bsdiff/bspatch/bspatch.c Modified: head/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- head/usr.bin/bsdiff/bspatch/bspatch.c Thu Sep 26 12:54:52 2019 (r352741) +++ head/usr.bin/bsdiff/bspatch/bspatch.c Thu Sep 26 13:27:25 2019 (r352742) @@ -61,6 +61,23 @@ exit_cleanup(void) warn("unlinkat"); } +static inline off_t +add_off_t(off_t a, off_t b) +{ + off_t result; + +#if __GNUC__ >= 5 || \ + (defined(__has_builtin) && __has_builtin(__builtin_add_overflow)) + if (__builtin_add_overflow(a, b, &result)) + errx(1, "Corrupt patch"); +#else + if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < OFF_MIN - b)) + errx(1, "Corrupt patch"); + result = a + b; +#endif + return result; +} + static off_t offtin(u_char *buf) { off_t y; @@ -199,12 +216,12 @@ int main(int argc, char *argv[]) err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); - offset += bzctrllen; + offset = add_off_t(offset, bzctrllen); if (fseeko(dpf, offset, SEEK_SET)) err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); - offset += bzdatalen; + offset = add_off_t(offset, bzdatalen); if (fseeko(epf, offset, SEEK_SET)) err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) @@ -238,7 +255,7 @@ int main(int argc, char *argv[]) errx(1, "Corrupt patch"); /* Sanity-check */ - if (newpos + ctrl[0] > newsize) + if (add_off_t(newpos, ctrl[0]) > newsize) errx(1, "Corrupt patch"); /* Read diff string */ @@ -249,15 +266,15 @@ int main(int argc, char *argv[]) /* Add old data to diff string */ for (i = 0; i < ctrl[0]; i++) - if ((oldpos + i >= 0) && (oldpos + i < oldsize)) + if (add_off_t(oldpos, i) < oldsize) new[newpos + i] += old[oldpos + i]; /* Adjust pointers */ - newpos += ctrl[0]; - oldpos += ctrl[0]; + newpos = add_off_t(newpos, ctrl[0]); + oldpos = add_off_t(oldpos, ctrl[0]); /* Sanity-check */ - if (newpos + ctrl[1] > newsize) + if (add_off_t(newpos, ctrl[1]) > newsize) errx(1, "Corrupt patch"); /* Read extra string */ @@ -267,8 +284,8 @@ int main(int argc, char *argv[]) errx(1, "Corrupt patch"); /* Adjust pointers */ - newpos+=ctrl[1]; - oldpos+=ctrl[2]; + newpos = add_off_t(newpos, ctrl[1]); + oldpos = add_off_t(oldpos, ctrl[2]); } /* Clean up the bzip2 reads */