Date: Wed, 11 Mar 2020 14:09:00 -0700
From: Xin Li <delphij@FreeBSD.org>
To: cem@freebsd.org
Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org>
Subject: Re: svn commit: r326052 - head/usr.bin/gzip
Message-ID: <3e0f2ee3-5406-76ae-9042-4edd9301db23@FreeBSD.org>
In-Reply-To: <CAG6CVpUGH_i%2B_kx0pBd_MAFLMT10SpYG427BtNRBhEX3PBygqQ@mail.gmail.com>
References: <201711210814.vAL8EUgM047088@repo.freebsd.org> <CAG6CVpUGH_i%2B_kx0pBd_MAFLMT10SpYG427BtNRBhEX3PBygqQ@mail.gmail.com>

On 3/10/20 18:26, Conrad Meyer wrote:
> Hi Xin Li,
>
> Sorry to reply to an old commit.
>
> On Tue, Nov 21, 2017 at 12:14 AM Xin LI <delphij@freebsd.org> wrote:
>>
>> Author: delphij
>> Date: Tue Nov 21 08:14:30 2017
>> New Revision: 326052
>> URL: https://svnweb.freebsd.org/changeset/base/326052
>>
>> Log:
>> Support SIGINFO.
>> ...
>> --- head/usr.bin/gzip/unpack.c Tue Nov 21 07:35:29 2017 (r326051)
>> +++ head/usr.bin/gzip/unpack.c Tue Nov 21 08:14:30 2017 (r326052)
>> ...
>> @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, size_t
>> ssize_t bytesread; /* Bytes read from the file */
>> int i, j, thisbyte;
>>
>> + if (prelen > sizeof hdr)
>> + maybe_err("prelen too long");
>
> This check should perhaps be >=, rather than >.
>
>> +
>> /* Prepend the header buffer if we already read some data */
>> if (prelen != 0)
>> memcpy(hdr, pre, prelen);
>> @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, size_t
>> bytesread = read(in, hdr + prelen, PACK_HEADER_LENGTH - prelen);
>
> In the case where prelen == sizeof(hdr), we invoke read(, pointer past
> end of hdr, 0) above. This should have no effect, but looks
> unintended, and tickles Coverity (CID 1383554).

Thanks for the analysis. It seems that this is a false positive because
the situation can never happen with the current code (the passed prelen
has to be either 0 or 4). I've created a changeset at:
https://reviews.freebsd.org/D24034 to address it.

Cheers,
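
Review bot: The guard added at the top of unpack_parse_header, `if (prelen > sizeof hdr)`, is written against sizeof hdr, while the read() further down computes its length as `PACK_HEADER_LENGTH - prelen`, so the guard only protects that subtraction if the two sizes are the same, which these lines do not show. read() takes its count as a size_t, so a prelen larger than PACK_HEADER_LENGTH would turn that argument into a very large value rather than a small one. Comparing prelen against the same constant the subtraction uses would make the bound self-evident, and a short comment stating which prelen values callers are expected to pass would record the invariant the check relies on.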