Date: Fri, 06 Mar 2015 23:35:26 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 198377] libc: Invalid size check in load_msgcat()
Message-ID: <bug-198377-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198377

            Bug ID: 198377
           Summary: libc: Invalid size check in load_msgcat()
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: pfg@FreeBSD.org

Created attachment 153941
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=153941&action=edit
Fix

According to Coverity 1193663, the following check always yields a false result:

    if (st.st_size > SIZE_T_MAX) {
            _close(fd);
            SAVEFAIL(name, lang, EFBIG);
            NLRETERR(EFBIG);
    }

result_independent_of_operands: st.st_size > 18446744073709551615ULL is always
false regardless of the values of its operands. This occurs as the logical
operand of if.

We can work around this by excluding also SIZE_T_MAX but we should also exclude
negative values since that would indicate an overflow.

-- 
You are receiving this mail because:
You are the assignee for the bug.
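
Added example, not part of the original report and not the attached fix: a small C model of the check described above next to a check that follows the report's suggestion. It assumes an LP64 platform (off_t modeled as int64_t, SIZE_T_MAX as 18446744073709551615ULL passed in as a parameter); the function names and sample sizes are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed model of an LP64 platform: off_t is int64_t and SIZE_T_MAX is
 * 18446744073709551615ULL. The limit is a parameter so the comparison is
 * evaluated at run time. Function names are hypothetical.
 */

/* The reported check: st_size is converted to unsigned before comparing. */
static int original_rejects(int64_t st_size, uint64_t size_t_max)
{
	return (uint64_t)st_size > size_t_max;
}

/* The report's suggestion: reject negative sizes and SIZE_T_MAX itself. */
static int hardened_rejects(int64_t st_size, uint64_t size_t_max)
{
	if (st_size < 0)
		return 1;
	return (uint64_t)st_size >= size_t_max;
}

int main(void)
{
	/* Constructed sample sizes, including overflowed (negative) values. */
	const int64_t samples[] = { 0, 4096, INT64_MAX, -1, INT64_MIN };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%20" PRId64 "  original=%d  hardened=%d\n", samples[i],
		    original_rejects(samples[i], UINT64_MAX),
		    hardened_rejects(samples[i], UINT64_MAX));
	return 0;
}
```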