off by one bounds
Skip Ford
skip.ford at verizon.net
Sat Aug 21 02:00:06 PDT 2004
Maxim Konovalov wrote:
> On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
>
>> errors in freebsd 4.10 found by Coverity's analysis.
>
>> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
>
> If i == sizeof then mtutab[i] == 0
If "i == sizeof" then mtutab[i] is out of bounds, off by one.
There is no mtutab[sizeof mtutab / sizeof mtutab[0]].
This isn't specific to RELENG_4.
--
Skip
More information about the freebsd-hackers
mailing list