Re: CVS commit: src/sys

To: maya%NetBSD.org@localhost
Subject: Re: CVS commit: src/sys
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Fri, 6 Dec 2019 10:28:53 +0100

Le 06/12/2019 à 08:49, maya%NetBSD.org@localhost a écrit :
> On Fri, Dec 06, 2019 at 07:27:07AM +0000, Maxime Villard wrote:
>> Log Message:
>> Minor changes, reported by the LGTM bot.
>
> Would be nice if the commit message was "address some integer overflows"
> or something.

Except that it does not address integer overflows? Rather an undefined
behavior if the pointer overflows; this would have probably caused an
ugly crash instead of a clean panic.

>> @@ -2205,7 +2205,7 @@ m_verify_packet(struct mbuf *m)
>>
>>  		dat = n->m_data;
>>  		len = n->m_len;
>> -		if (__predict_false(dat + len < dat)) {
>> +		if (__predict_false(len < 0)) {
>>  			panic("%s: incorrect length (len = %d)", __func__, len);
>>  		}
>>
>>
>
> Hmm, was it trying to check that adding the two numbers together didn't
> produce an overflow?  (Not valid, but has a different meaning)

It meant to test both whether len was negative or too big; now it just
tests negative. Too big is actually useless here.

References:
- Re: CVS commit: src/sys
  - From: maya

Prev by Date: Re: CVS commit: src/sys
Next by Date: Re: CVS commit: src/sys/arch
Previous by Thread: Re: CVS commit: src/sys
Next by Thread: Re: CVS commit: src/sys/arch
Indexes:

Home | Main Index | Thread Index | Old Index