NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/47154
The following reply was made to PR bin/47154; it has been noted by GNATS.
From: miwarin%gmail.com@localhost
To: gnats-bugs%NetBSD.org@localhost,
gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost,
ben%hl9.neta@localhost
Cc:
Subject: Re: bin/47154
Date: Sat, 01 Nov 2014 21:26:06 +0900
On Fri, 31 Oct 2014 15:10:01 +0000 (UTC)
Miwa Susumu <miwarin%gmail.com@localhost> wrote:
> The following reply was made to PR bin/47154; it has been noted by GNATS.
>
> From: Miwa Susumu <miwarin%gmail.com@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc:
> Subject: Re: bin/47154
> Date: Sat, 1 Nov 2014 00:06:12 +0900
>
> dd.c setup()
>
> if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
> if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) { <====
> err(EXIT_FAILURE, NULL);
> /* NOTREACHED */
> }
> out.db = in.db;
I was modified to check the arguments before malloc().
% diff -u dd.c.orig dd.c
--- dd.c.orig 2014-11-01 21:13:47.000000000 +0900
+++ dd.c 2014-11-01 21:15:57.000000000 +0900
@@ -1,4 +1,4 @@
-/* $NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $ */
+/* $NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $ */
/*-
* Copyright (c) 1991, 1993, 1994
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)dd.c 8.5 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $");
+__RCSID("$NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $");
#endif
#endif /* not lint */
@@ -212,10 +212,10 @@
* record oriented I/O, only need a single buffer.
*/
if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
- size_t dbsz = out.dbsz;
- if (!(ddflags & C_BS))
- dbsz += in.dbsz - 1;
- if ((in.db = malloc(dbsz)) == NULL) {
+ if((out.dbsz + in.dbsz - 1) > SIZE_T_MAX) {
+ errx(EXIT_FAILURE, "bs must be less than %u", SIZE_T_MAX);
+ }
+ if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) {
err(EXIT_FAILURE, NULL);
/* NOTREACHED */
}
--
miwarin
Home |
Main Index |
Thread Index |
Old Index