Date: Fri, 7 Oct 2022 15:26:40 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: a8db30cd7009 - stable/13 - libc: Fix size range check in setvbuf Message-ID: <202210071526.297FQe9s048975@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a8db30cd7009c46505ee41517d9ce50add4dd478 commit a8db30cd7009c46505ee41517d9ce50add4dd478 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2022-10-03 18:24:42 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-10-07 15:23:10 +0000 libc: Fix size range check in setvbuf From enh at google.com via openbsd-tech mailing list via pfg@: The existing test is wrong for LP64, where size_t has twice as many relevant bits as int, not just one. (Found by inspection by rprichard.) (cherry picked from commit 9515313b26beb005a521aff2e6edd4d75cd010da) --- lib/libc/stdio/setvbuf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/libc/stdio/setvbuf.c b/lib/libc/stdio/setvbuf.c index 03a3c7263125..8947e61e7c29 100644 --- a/lib/libc/stdio/setvbuf.c +++ b/lib/libc/stdio/setvbuf.c @@ -39,6 +39,7 @@ static char sccsid[] = "@(#)setvbuf.c 8.2 (Berkeley) 11/16/93"; __FBSDID("$FreeBSD$"); #include "namespace.h" +#include <limits.h> #include <stdio.h> #include <stdlib.h> #include "un-namespace.h" @@ -62,7 +63,7 @@ setvbuf(FILE * __restrict fp, char * __restrict buf, int mode, size_t size) * when setting _IONBF. */ if (mode != _IONBF) - if ((mode != _IOFBF && mode != _IOLBF) || (int)size < 0) + if ((mode != _IOFBF && mode != _IOLBF) || size > INT_MAX) return (EOF); FLOCKFILE_CANCELSAFE(fp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210071526.297FQe9s048975>