svn commit: r326052 - head/usr.bin/gzip
Conrad Meyer
cem at freebsd.org
Wed Mar 11 01:27:01 UTC 2020
Hi Xin Li,
Sorry to reply to an old commit.
On Tue, Nov 21, 2017 at 12:14 AM Xin LI <delphij at freebsd.org> wrote:
>
> Author: delphij
> Date: Tue Nov 21 08:14:30 2017
> New Revision: 326052
> URL: https://svnweb.freebsd.org/changeset/base/326052
>
> Log:
> Support SIGINFO.
> ...
> --- head/usr.bin/gzip/unpack.c Tue Nov 21 07:35:29 2017 (r326051)
> +++ head/usr.bin/gzip/unpack.c Tue Nov 21 08:14:30 2017 (r326052)
> ...
> @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, size_t
> ssize_t bytesread; /* Bytes read from the file */
> int i, j, thisbyte;
>
> + if (prelen > sizeof hdr)
> + maybe_err("prelen too long");
This check should perhaps be >=, rather than >.
> +
> /* Prepend the header buffer if we already read some data */
> if (prelen != 0)
> memcpy(hdr, pre, prelen);
> @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, size_t
> bytesread = read(in, hdr + prelen, PACK_HEADER_LENGTH - prelen);
In the case where prelen == sizeof(hdr), we invoke read(, pointer past
end of hdr, 0) above. This should have no effect, but looks
unintended, and tickles Coverity (CID 1383554).
> if (bytesread < 0)
> maybe_err("Error reading pack header");
Best,
Conrad
More information about the svn-src-all
mailing list