cvs commit: src/lib/libmd/i386 rmd160.S sha.S

Colin Percival cperciva at
Mon May 14 17:07:06 UTC 2007

Maxim Sobolev wrote:
> Colin Percival wrote:
>>   (1) The platform is i386.
> [...]
>>   still be broken if conditions (1)-(3) apply AND the buffer extends
>>   beyond 4GB (i.e., there is an integer overflow in computing "data +
>> len").
> How that could be? Isn't userland address space on i386 limited by 4GB?

Exactly -- that's why I said that the remaining bug replaces SIGSEGV (since
a "correct" implementation would try to read kernel memory on its way towards
an address overflow) with a bogus hash.  This is strictly a "call us with bogus
parameters, get a bogus result" issue.

Colin Percival

More information about the cvs-src mailing list