Date: Sat, 21 Aug 2004 15:07:49 +0400 (MSD) From: Maxim Konovalov <maxim@macomnet.ru> To: Skip Ford <skip.ford@verizon.net> Cc: Ted Unangst <tedu@coverity.com> Subject: Re: off by one bounds Message-ID: <20040821150427.O35076@mp2.macomnet.net> In-Reply-To: <20040821131924.U34847@mp2.macomnet.net> References: <412652AA.5020308@coverity.com> <20040821120624.I34489@mp2.macomnet.net> <20040821090001.GB593@lucy.pool-70-17-33-167.pskn.east.verizon.net> <20040821131924.U34847@mp2.macomnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > >> errors in freebsd 4.10 found by Coverity's analysis. > > > > > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 > > > > > > If i == sizeof then mtutab[i] == 0 > > > > If "i == sizeof" then mtutab[i] is out of bounds, off by one. > > There is no mtutab[sizeof mtutab / sizeof mtutab[0]]. > > > > This isn't specific to RELENG_4 After the second thought I still think it is not a error. mtu is always >= than the minimal value in mtutab[] that is why i is always less than (sizeof mtutab) / sizeof mtutab[0]). What do you think? -- Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040821150427.O35076>