svn commit: r316766 - head/lib/libutil

Brooks Davis brooks at freebsd.org
Thu Apr 13 16:14:20 UTC 2017


On Thu, Apr 13, 2017 at 03:49:33PM +0000, Brooks Davis wrote:
> Author: brooks
> Date: Thu Apr 13 15:49:32 2017
> New Revision: 316766
> URL: https://svnweb.freebsd.org/changeset/base/316766
> 
> Log:
>   Correct an out of bounds read with HN_AUTOSCALE and very large numbers.
>   
>   The maximum scale is 6 (K, M, G, T, P, E) (B is 0).
>   
>   Overly large explicit scales were checked correctly, but for sufficiently
>   large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds
>   read.
>   
>   Found with humanize_number_test and CHERI bounds checking.

IMO the real cause of this off-by-one error is the failure to use a
proper array of prefixes.  FreeBSD makes the case worse than the NetBSD
code we started from by adding Ki, Mi, etc., so the prefix strings are
all three characters per suffix, making the code unreadable.

-- Brooks
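
The off-by-one described in the commit log and the "proper array of prefixes" idea from the reply, as an added sketch that is not FreeBSD's libutil code and not part of the original message. The function names, the unsigned 64-bit input and the width limit of 10 are assumptions made for illustration; the unbounded variant only computes the index and never dereferences it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One entry per scale (B is 0); the table itself defines the maximum scale. */
static const char *const prefixes[] = { "B", "K", "M", "G", "T", "P", "E" };
#define NPREFIXES (sizeof(prefixes) / sizeof(prefixes[0]))
#define MAX_SCALE (NPREFIXES - 1)	/* 6, as stated in the commit log */

/* Bounds-checked lookup: returns NULL instead of reading past the table. */
static const char *prefix_for(size_t scale)
{
	return (scale < NPREFIXES ? prefixes[scale] : NULL);
}

/* Flawed autoscale: divides until value < limit with no cap (limit != 0). */
static size_t autoscale_unbounded(uint64_t value, uint64_t limit)
{
	size_t scale = 0;
	while (value >= limit) {
		value /= 1024;
		scale++;
	}
	return (scale);
}

/* Corrected autoscale: stops at the last table entry even if still too wide. */
static size_t autoscale_bounded(uint64_t value, uint64_t limit)
{
	size_t scale = 0;
	while (value >= limit && scale < MAX_SCALE) {
		value /= 1024;
		scale++;
	}
	return (scale);
}

int main(void)
{
	size_t bad = autoscale_unbounded(UINT64_MAX, 10);  /* constructed input */
	size_t good = autoscale_bounded(UINT64_MAX, 10);
	printf("unbounded: scale=%zu in_table=%s\n", bad, prefix_for(bad) ? "yes" : "no");
	printf("bounded:   scale=%zu prefix=%s\n", good, prefix_for(good));
	return (0);
}
```

Deriving `MAX_SCALE` from the table size keeps the loop bound and the lookup in step if a prefix is ever added or removed.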