off by one bounds
Maxim Konovalov
maxim at macomnet.ru
Sat Aug 21 04:07:53 PDT 2004
On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote:
> On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote:
>
> > Maxim Konovalov wrote:
> > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
> > >
> > >> errors in freebsd 4.10 found by Coverity's analysis.
> > >
> > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
> > >
> > > If i == sizeof then mtutab[i] == 0
> >
> > If "i == sizeof" then mtutab[i] is out of bounds, off by one.
> > There is no mtutab[sizeof mtutab / sizeof mtutab[0]].
> >
> > This isn't specific to RELENG_4
On second thought I still think it is not an error. mtu is
always >= the minimal value in mtutab[], which is why i is always
less than (sizeof mtutab) / (sizeof mtutab[0]). What do you think?
--
Maxim Konovalov
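
The index argument discussed in this thread, as an added example that is not part of the original message and is not the FreeBSD source: a constructed table search of the same shape, showing for which inputs the index stays below the element count and an explicit check that keeps the lookup in bounds when it does not. The table values and the names `mtu_index` and `next_smaller_mtu` are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed table: descending values ending in a 0 sentinel.
 * An assumption for illustration, not copied from ip_icmp.c. */
static const int mtutab[] = { 65535, 1500, 576, 68, 0 };
#define NMTU (sizeof mtutab / sizeof mtutab[0])

/* Index of the first entry <= mtu, or NMTU when no entry qualifies.
 * With a 0 sentinel, NMTU is only reachable when mtu is negative. */
static size_t mtu_index(int mtu)
{
    size_t i;

    for (i = 0; i < NMTU; i++)
        if (mtu >= mtutab[i])
            break;
    return i;
}

/* Next table value below mtu, or 0 if there is none.
 * The i == NMTU case is tested before any mtutab[i] access, so the
 * lookup no longer depends on the caller passing mtu >= the minimum. */
static int next_smaller_mtu(int mtu)
{
    size_t i = mtu_index(mtu);

    if (i == NMTU)          /* mtu is below every entry */
        return 0;
    if (mtutab[i] == 0)     /* landed on the sentinel */
        return 0;
    if (mtu > mtutab[i])
        return mtutab[i];
    return mtutab[i + 1];   /* in bounds: mtutab[i] != 0, so i < NMTU - 1 */
}

int main(void)
{
    const int samples[] = { 70000, 1500, 1000, 68, 0, -1 };
    size_t k;

    for (k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("mtu=%6d  index=%zu of %zu  next=%d\n", samples[k],
            mtu_index(samples[k]), (size_t)NMTU, next_smaller_mtu(samples[k]));
    return 0;
}
```
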