Date: Thu, 28 Aug 2014 18:11:05 +0000 (UTC) From: "Pedro F. Giffuni" <pfg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r270756 - in stable/10: bin/ed libexec/rtld-elf usr.bin/mail Message-ID: <201408281811.s7SIB5oh089427@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pfg Date: Thu Aug 28 18:11:05 2014 New Revision: 270756 URL: http://svnweb.freebsd.org/changeset/base/270756 Log: MFC r270256: Always check the limits of array index variables before using them. Obtained from: DragonFlyBSD Modified: stable/10/bin/ed/cbc.c stable/10/libexec/rtld-elf/libmap.c stable/10/usr.bin/mail/edit.c Directory Properties: stable/10/ (props changed) Modified: stable/10/bin/ed/cbc.c ============================================================================== --- stable/10/bin/ed/cbc.c Thu Aug 28 17:40:19 2014 (r270755) +++ stable/10/bin/ed/cbc.c Thu Aug 28 18:11:05 2014 (r270756) @@ -237,7 +237,7 @@ expand_des_key(char *obuf, char *kbuf) /* * now translate it, bombing on any illegal hex digit */ - for (i = 0; kbuf[i] && i < 16; i++) + for (i = 0; i < 16 && kbuf[i]; i++) if ((nbuf[i] = hex_to_binary((int) kbuf[i], 16)) == -1) des_error("bad hex digit in key"); while (i < 16) Modified: stable/10/libexec/rtld-elf/libmap.c ============================================================================== --- stable/10/libexec/rtld-elf/libmap.c Thu Aug 28 17:40:19 2014 (r270755) +++ stable/10/libexec/rtld-elf/libmap.c Thu Aug 28 18:11:05 2014 (r270756) @@ -216,14 +216,14 @@ lmc_parse(char *lm_p, size_t lm_len) p = NULL; while (cnt < lm_len) { i = 0; - while (lm_p[cnt] != '\n' && cnt < lm_len && + while (cnt < lm_len && lm_p[cnt] != '\n' && i < sizeof(line) - 1) { line[i] = lm_p[cnt]; cnt++; i++; } line[i] = '\0'; - while (lm_p[cnt] != '\n' && cnt < lm_len) + while (cnt < lm_len && lm_p[cnt] != '\n') cnt++; /* skip over nl */ cnt++; Modified: stable/10/usr.bin/mail/edit.c ============================================================================== --- stable/10/usr.bin/mail/edit.c Thu Aug 28 17:40:19 2014 (r270755) +++ stable/10/usr.bin/mail/edit.c Thu Aug 28 18:11:05 2014 (r270756) @@ -81,7 +81,7 @@ edit1(int *msgvec, int type) /* * Deal with each message to be edited . . . */ - for (i = 0; msgvec[i] && i < msgCount; i++) { + for (i = 0; i < msgCount && msgvec[i]; i++) { sig_t sigint; if (i > 0) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201408281811.s7SIB5oh089427>