Date: Tue, 3 Nov 2015 09:50:11 +0000 (UTC) From: "Andrey A. Chernov" <ache@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r290329 - head/usr.bin/bsdiff/bsdiff Message-ID: <201511030950.tA39oBwH080758@repo.freebsd.org>
Author: ache Date: Tue Nov 3 09:50:10 2015 New Revision: 290329 URL: https://svnweb.freebsd.org/changeset/base/290329 Log: Use meaningful errno for ssize_t overflow in read(). Catch size_t overflow in malloc(). PR: 204230 MFC after: 1 week Modified: head/usr.bin/bsdiff/bsdiff/bsdiff.c Modified: head/usr.bin/bsdiff/bsdiff/bsdiff.c ==============================================================================
--- head/usr.bin/bsdiff/bsdiff/bsdiff.c Tue Nov 3 09:38:39 2015 (r290328)
+++ head/usr.bin/bsdiff/bsdiff/bsdiff.c Tue Nov 3 09:50:10 2015 (r290329)
@@ -31,7 +31,10 @@ __FBSDID("$FreeBSD$");
 #include <bzlib.h>
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -230,8 +233,16 @@ int main(int argc,char *argv[])
 /* Allocate oldsize+1 bytes instead of oldsize bytes to ensure that we never try to malloc(0) and get a NULL pointer */
 if(((fd=open(argv[1],O_RDONLY|O_BINARY,0))<0) ||
- ((oldsize=lseek(fd,0,SEEK_END))==-1) ||
- ((old=malloc(oldsize+1))==NULL) ||
+ ((oldsize=lseek(fd,0,SEEK_END))==-1))
+ err(1, "%s", argv[1]);
+
+ if (oldsize > SSIZE_MAX ||
+ (uintmax_t)oldsize >= SIZE_T_MAX / sizeof(off_t)) {
+ errno = EFBIG;
+ err(1, "%s", argv[1]);
+ }
+
+ if (((old=malloc(oldsize+1))==NULL) ||
 (lseek(fd,0,SEEK_SET)!=0) ||
 (read(fd,old,oldsize)!=oldsize) ||
 (close(fd)==-1)) err(1,"%s",argv[1]);
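Review bot: The divisor in `(uintmax_t)oldsize >= SIZE_T_MAX / sizeof(off_t)` is unexplained, and the `malloc(oldsize+1)` directly below it needs no such factor. Presumably the bound protects a later allocation of `oldsize+1` elements of type `off_t` that lies outside this hunk; if so, the check and that allocation can drift apart silently when either one changes. A comment above the new `if` would tie them together, for example `/* oldsize+1 elements of off_t are allocated later; keep this bound in sync with that malloc */`. main() starts and ends outside the hunk, so the dependent allocation cannot be confirmed from here.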
@@ -246,8 +257,15 @@ int main(int argc,char *argv[])
 /* Allocate newsize+1 bytes instead of newsize bytes to ensure that we never try to malloc(0) and get a NULL pointer */
 if(((fd=open(argv[2],O_RDONLY|O_BINARY,0))<0) ||
- ((newsize=lseek(fd,0,SEEK_END))==-1) ||
- ((new=malloc(newsize+1))==NULL) ||
+ ((newsize=lseek(fd,0,SEEK_END))==-1))
+ err(1, "%s", argv[2]);
+
+ if (newsize > SSIZE_MAX || (uintmax_t)newsize >= SIZE_T_MAX) {
+ errno = EFBIG;
+ err(1, "%s", argv[2]);
+ }
+
+ if (((new=malloc(newsize+1))==NULL) ||
 (lseek(fd,0,SEEK_SET)!=0) ||
 (read(fd,new,newsize)!=newsize) ||
 (close(fd)==-1)) err(1,"%s",argv[2]);
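Review bot: A short read still ends in `err(1,"%s",argv[2])` in the unchanged tail of this condition, and a `read()` that returns fewer bytes than `newsize` does not set errno, so the message reports a stale or zero value; the same applies to the `argv[1]` read in the previous hunk. The size is taken with `lseek()` before the read, so a file that shrinks in between lands on this path. I would keep `err()` for a return of -1 only and report the other case with `errx(1, "%s: short read", argv[2])`. main() continues outside the hunk.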