Date:      Thu, 13 Apr 2017 16:14:19 +0000
From:      Brooks Davis <brooks@freebsd.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r316766 - head/lib/libutil
Message-ID:  <20170413161419.GC95141@spindle.one-eyed-alien.net>
In-Reply-To: <201704131549.v3DFnXNa003990@repo.freebsd.org>
References:  <201704131549.v3DFnXNa003990@repo.freebsd.org>


On Thu, Apr 13, 2017 at 03:49:33PM +0000, Brooks Davis wrote:
> Author: brooks
> Date: Thu Apr 13 15:49:32 2017
> New Revision: 316766
> URL: https://svnweb.freebsd.org/changeset/base/316766
>
> Log:
>   Correct an out of bounds read with HN_AUTOSCALE and very large numbers.
>
>   The maximum scale is 6 (K, M, G, T, P, E) (B is 0).
>
>   Overly large explicit scales were checked correctly, but for sufficiently
>   large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds
>   read.
>
>   Found with humanize_number_test and CHERI bounds checking.

IMO the real cause of this off-by-one error is the failure to use a
proper array of prefixes.  FreeBSD makes the case worse than the NetBSD
code we started from by adding Ki, Mi, etc., so the prefix strings are
all three characters per suffix, making the code unreadable.

-- Brooks
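
A sketch of the table-driven layout the reply argues for, as an added example that is not part of the original message or the FreeBSD source: the maximum scale is derived from the prefix array, so the autoscale loop cannot step past the last entry. The names `si_prefixes`, `iec_prefixes`, `autoscale` and `humanize`, and the simplified `limit` parameter standing in for the buffer-width check, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tables: one string per scale, index 0 is plain bytes (B). */
static const char *const si_prefixes[]  = { "", "k", "M", "G", "T", "P", "E" };
static const char *const iec_prefixes[] = { "", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei" };
#define NPREFIX   (sizeof(si_prefixes) / sizeof(si_prefixes[0]))
#define MAX_SCALE (NPREFIX - 1)  /* 6, derived from the table, not hand-written */

/*
 * Divide value until it is below limit or scale_cap is reached.
 * Returns the scale; stores the scaled value in *scaled if non-NULL.
 */
static size_t autoscale(uint64_t value, uint64_t divisor, uint64_t limit,
    size_t scale_cap, uint64_t *scaled)
{
    size_t scale = 0;

    while (value >= limit && scale < scale_cap) {
        value /= divisor;
        scale++;
    }
    if (scaled != NULL)
        *scaled = value;
    return scale;
}

/* Format value into buf; returns snprintf's result, or -1 on a bad scale. */
int humanize(char *buf, size_t len, uint64_t value, uint64_t limit, int iec)
{
    uint64_t scaled;
    size_t scale = autoscale(value, iec ? 1024 : 1000, limit, MAX_SCALE, &scaled);

    if (scale >= NPREFIX)  /* defensive: refuse to index past the table */
        return -1;
    return snprintf(buf, len, "%llu%sB", (unsigned long long)scaled,
        (iec ? iec_prefixes : si_prefixes)[scale]);
}

int main(void)
{
    char buf[16];

    humanize(buf, sizeof(buf), UINT64_MAX, 10, 1);  /* constructed input */
    puts(buf);
    return 0;
}
```

Calling `autoscale` with a hand-written cap of 7 on the same constructed input returns 7, one past the last table entry, which is the shape of the off-by-one the commit log describes.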



