Date: Wed, 07 Aug 2019 07:26:47 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 239688] [patch] geom: uzip: Use mallocarray to prevent potential integer overflow Message-ID: <bug-239688-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D239688 Bug ID: 239688 Summary: [patch] geom: uzip: Use mallocarray to prevent potential integer overflow Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: hslester96@gmail.com Created attachment 206322 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D206322&action= =3Dedit g_uzip_zlib patch The implementation of z_alloc() in g_uzip_zlib.c uses malloc() to allocate resources without any check for the size. This may lead to integer overflow. It is better to use mallocarray() here to prevent such risk. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-239688-227>