svn commit: r326052 - head/usr.bin/gzip

Conrad Meyer cem at freebsd.org
Wed Mar 11 01:27:01 UTC 2020


Hi Xin Li,

Sorry to reply to an old commit.

On Tue, Nov 21, 2017 at 12:14 AM Xin LI <delphij at freebsd.org> wrote:
>
> Author: delphij
> Date: Tue Nov 21 08:14:30 2017
> New Revision: 326052
> URL: https://svnweb.freebsd.org/changeset/base/326052
>
> Log:
>   Support SIGINFO.
> ...
> --- head/usr.bin/gzip/unpack.c  Tue Nov 21 07:35:29 2017        (r326051)
> +++ head/usr.bin/gzip/unpack.c  Tue Nov 21 08:14:30 2017        (r326052)
> ...
> @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, size_t
>         ssize_t bytesread;              /* Bytes read from the file */
>         int i, j, thisbyte;
>
> +       if (prelen > sizeof hdr)
> +               maybe_err("prelen too long");

This check should perhaps be >=, rather than >.

> +
>         /* Prepend the header buffer if we already read some data */
>         if (prelen != 0)
>                 memcpy(hdr, pre, prelen);
> @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, size_t
>         bytesread = read(in, hdr + prelen, PACK_HEADER_LENGTH - prelen);

In the case where prelen == sizeof(hdr), we invoke read(, pointer past
end of hdr, 0) above.  This should have no effect, but looks
unintended, and tickles Coverity (CID 1383554).

>         if (bytesread < 0)
>                 maybe_err("Error reading pack header");

Best,
Conrad


More information about the svn-src-all mailing list