git: 5260fbcebdfc - main - fix check for integer

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Wolfram Schneider <wosch_at_FreeBSD.org>
Date: Sun, 30 Jan 2022 16:28:43 UTC
The branch main has been updated by wosch:

URL: https://cgit.FreeBSD.org/src/commit/?id=5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a

commit 5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a
Author:     Wolfram Schneider <wosch@FreeBSD.org>
AuthorDate: 2022-01-30 16:27:27 +0000
Commit:     Wolfram Schneider <wosch@FreeBSD.org>
CommitDate: 2022-01-30 16:27:27 +0000

    fix check for integer
    
    For historical reasons, the integer is stored with an offset of plus 14.
    That means, for a given max path length of 1024 the valid values
    are -1009 .. 1037 and not -1023 .. 1023
    
    PR: 201243
---
 usr.bin/locate/locate/util.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/usr.bin/locate/locate/util.c b/usr.bin/locate/locate/util.c
index ff64b5a952d3..77d8f7e58079 100644
--- a/usr.bin/locate/locate/util.c
+++ b/usr.bin/locate/locate/util.c
@@ -223,16 +223,20 @@ getwm(p)
 	} u;
 	register int i, hi;
 
+	/* the integer is stored by an offset of 14 (!!!) */
+        int i_max = MAXPATHLEN + OFFSET;
+        int i_min = -(MAXPATHLEN - OFFSET);
+
 	for (i = 0; i < (int)INTSIZE; i++)
 		u.buf[i] = *p++;
 
 	i = u.i;
 
-	if (i > MAXPATHLEN || i < -(MAXPATHLEN)) {
+	if (i >= i_max || i <= i_min) {
 		hi = ntohl(i);
-		if (hi > MAXPATHLEN || hi < -(MAXPATHLEN))
-			errx(1, "integer out of +-MAXPATHLEN (%d): %u",
-			    MAXPATHLEN, abs(i) < abs(hi) ? i : hi);
+		if (hi >= i_max || hi <= i_min)
+			errx(1, "integer out of range: %d < %d < %d",
+			    i_min, abs(i) < abs(hi) ? i : hi, i_max);
 		return(hi);
 	}
 	return(i);
@@ -251,14 +255,16 @@ getwf(fp)
 	FILE *fp;
 {
 	register int word, hword;
+        int i_max = MAXPATHLEN + OFFSET;
+        int i_min = -(MAXPATHLEN - OFFSET);
 
 	word = getw(fp);
 
-	if (word > MAXPATHLEN || word < -(MAXPATHLEN)) {
+	if (word >= i_max || word <= i_min) {
 		hword = ntohl(word);
-		if (hword > MAXPATHLEN || hword < -(MAXPATHLEN))
-			errx(1, "integer out of +-MAXPATHLEN (%d): %u",
-			    MAXPATHLEN, abs(word) < abs(hword) ? word : hword);
+		if (hword >= i_max || hword <= i_min)
+			errx(1, "integer out of range: %d < %d < %d",
+			    i_min, abs(word) < abs(hword) ? word : hword, i_max);
 		return(hword);
 	}
 	return(word);