From owner-svn-src-head@freebsd.org Thu Apr 13 16:14:20 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D1387D3CEB9; Thu, 13 Apr 2017 16:14:20 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AB3E5910; Thu, 13 Apr 2017 16:14:20 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001) id 9D9675A9F14; Thu, 13 Apr 2017 16:14:19 +0000 (UTC) Date: Thu, 13 Apr 2017 16:14:19 +0000 From: Brooks Davis To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r316766 - head/lib/libutil Message-ID: <20170413161419.GC95141@spindle.one-eyed-alien.net> References: <201704131549.v3DFnXNa003990@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qtZFehHsKgwS5rPz" Content-Disposition: inline In-Reply-To: <201704131549.v3DFnXNa003990@repo.freebsd.org> User-Agent: Mutt/1.8.0 (2017-02-23) X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Apr 2017 16:14:20 -0000 --qtZFehHsKgwS5rPz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 13, 2017 at 03:49:33PM +0000, Brooks Davis wrote: > Author: brooks > Date: Thu Apr 13 15:49:32 2017 > New Revision: 316766 > URL: https://svnweb.freebsd.org/changeset/base/316766 >=20 > Log: > Correct an out of bounds read with HN_AUTOSCALE and very large numbers. > =20 > The maximum scale is 6 (K, M, G, T, P, E) (B is 0). > =20 > Overly large explict scales were checked correctly, but for sufficently > large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds > read. > =20 > Found with humanize_number_test and CHERI bounds checking. IMO the real cause of this off-by-one error is the failure to use a proper array of prefixes. FreeBSD makes the case worse than the NetBSD code we started from by adding Ki, Mi, etc so the prefixes strings are all three characters per suffix making the code unreadable. -- Brooks --qtZFehHsKgwS5rPz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJY76PaAAoJEKzQXbSebgfAs38H/Agg6l9/n2+ZCRHuIWQmWb0L EZbQ708MZKhHM5tXVodIB2V2eqAOtTV+NzZI5UvtjIe4nwMJ7gFfjRg06hput0Lv alaKU4cloFkb1pjA9io+HZEc2J+ezt2UZseKYk0enqLaJtcYqHbQBKoelKRPnNnP PT5oeawfKvcEdDQ15C5GbKnnmmerfF/HNHPl6SrqIcht6OrO/qDG8vzqRU8wA8PU Mf47U6+sDIH8AxNA4LuPW8vAXQBXC0moa56aDrSiWG5+hrBcPcR994C2MXXPxExZ hNFAs0ZA3a6o83S6RoEndxxrKeZj1yku7HeYqNJ8NOHOJBDX55TAGH2VoZlluEI= =iRvC -----END PGP SIGNATURE----- --qtZFehHsKgwS5rPz--