Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Aug 2014 18:11:05 +0000 (UTC)
From:      "Pedro F. Giffuni" <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r270756 - in stable/10: bin/ed libexec/rtld-elf usr.bin/mail
Message-ID:  <201408281811.s7SIB5oh089427@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: pfg
Date: Thu Aug 28 18:11:05 2014
New Revision: 270756
URL: http://svnweb.freebsd.org/changeset/base/270756

Log:
  MFC	r270256:
  Always check the limits of array index variables before using them.
  
  Obtained from:	DragonFlyBSD

Modified:
  stable/10/bin/ed/cbc.c
  stable/10/libexec/rtld-elf/libmap.c
  stable/10/usr.bin/mail/edit.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/bin/ed/cbc.c
==============================================================================
--- stable/10/bin/ed/cbc.c	Thu Aug 28 17:40:19 2014	(r270755)
+++ stable/10/bin/ed/cbc.c	Thu Aug 28 18:11:05 2014	(r270756)
@@ -237,7 +237,7 @@ expand_des_key(char *obuf, char *kbuf)
 		/*
 		 * now translate it, bombing on any illegal hex digit
 		 */
-		for (i = 0; kbuf[i] && i < 16; i++)
+		for (i = 0; i < 16 && kbuf[i]; i++)
 			if ((nbuf[i] = hex_to_binary((int) kbuf[i], 16)) == -1)
 				des_error("bad hex digit in key");
 		while (i < 16)

Modified: stable/10/libexec/rtld-elf/libmap.c
==============================================================================
--- stable/10/libexec/rtld-elf/libmap.c	Thu Aug 28 17:40:19 2014	(r270755)
+++ stable/10/libexec/rtld-elf/libmap.c	Thu Aug 28 18:11:05 2014	(r270756)
@@ -216,14 +216,14 @@ lmc_parse(char *lm_p, size_t lm_len)
 	p = NULL;
 	while (cnt < lm_len) {
 		i = 0;
-		while (lm_p[cnt] != '\n' && cnt < lm_len &&
+		while (cnt < lm_len && lm_p[cnt] != '\n' &&
 		    i < sizeof(line) - 1) {
 			line[i] = lm_p[cnt];
 			cnt++;
 			i++;
 		}
 		line[i] = '\0';
-		while (lm_p[cnt] != '\n' && cnt < lm_len)
+		while (cnt < lm_len && lm_p[cnt] != '\n')
 			cnt++;
 		/* skip over nl */
 		cnt++;

Modified: stable/10/usr.bin/mail/edit.c
==============================================================================
--- stable/10/usr.bin/mail/edit.c	Thu Aug 28 17:40:19 2014	(r270755)
+++ stable/10/usr.bin/mail/edit.c	Thu Aug 28 18:11:05 2014	(r270756)
@@ -81,7 +81,7 @@ edit1(int *msgvec, int type)
 	/*
 	 * Deal with each message to be edited . . .
 	 */
-	for (i = 0; msgvec[i] && i < msgCount; i++) {
+	for (i = 0; i < msgCount && msgvec[i]; i++) {
 		sig_t sigint;
 
 		if (i > 0) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201408281811.s7SIB5oh089427>