From owner-freebsd-hackers@FreeBSD.ORG  Sat Aug 21 09:19:48 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6914316A4CE
	for <hackers@freebsd.org>; Sat, 21 Aug 2004 09:19:48 +0000 (GMT)
Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7319C43D2D
	for <hackers@freebsd.org>; Sat, 21 Aug 2004 09:19:47 +0000 (GMT)
	(envelope-from maxim@macomnet.ru)
Received-SPF: pass (mp2.macomnet.net: domain of maxim@macomnet.ru designates
	127.0.0.1 as permitted sender) receiver=mp2.macomnet.net; client_ip=127.0.0.1;
	envelope-from=maxim@macomnet.ru;
Received: from localhost (tpg04ddv@localhost [127.0.0.1])
	by mp2.macomnet.net (8.12.11/8.12.11) with ESMTP id i7L9JiBg034855;
	Sat, 21 Aug 2004 13:19:44 +0400 (MSD)
	(envelope-from maxim@macomnet.ru)
Date: Sat, 21 Aug 2004 13:19:44 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Skip Ford <skip.ford@verizon.net>
In-Reply-To: <20040821090001.GB593@lucy.pool-70-17-33-167.pskn.east.verizon.net>
Message-ID: <20040821131924.U34847@mp2.macomnet.net>
References: <412652AA.5020308@coverity.com>
	<20040821120624.I34489@mp2.macomnet.net>
	<20040821090001.GB593@lucy.pool-70-17-33-167.pskn.east.verizon.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: hackers@freebsd.org
cc: Ted Unangst <tedu@coverity.com>
Subject: Re: off by one bounds
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Aug 2004 09:19:48 -0000

On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote:

> Maxim Konovalov wrote:
> > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
> >
> >> errors in freebsd 4.10 found by Coverity's analysis.
> >
> >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
> >
> > If i == sizeof then mtutab[i] == 0
>
> If "i == sizeof" then mtutab[i] is out of bounds, off by one.
> There is no mtutab[sizeof mtutab / sizeof mtutab[0]].
>
> This isn't specific to RELENG_4

Ah, yes, sorry.

-- 
Maxim Konovalov