[Bug 206551] Heap overflow in iconv kernel module
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Jan 24 22:57:00 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206551
Jilles Tjoelker <jilles at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jilles at FreeBSD.org
--- Comment #4 from Jilles Tjoelker <jilles at FreeBSD.org> ---
The explanation why there is no triggerable problem is that the
ICONV_CSMAXDATALEN expression is of type size_t, an unsigned type. Then,
comparing an int and a size_t, the int is converted to size_t, converting
negative values to very large positive values.
This is fragile (changing ICONV_CSMAXDATALEN to a plain number like 266240 will
make it vulnerable) and causes compiler warnings with -Wsign-compare, but is
not an immediate bug.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list