Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(15085)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 7231069: fix broken overflow check in digest_certinfo()

Can't Edit
Can't Publish+Mail
Start Review
Created:
11 years, 3 months ago by xi
Modified:
11 years, 1 month ago
Reviewers:
CC:
rsc, codebot
Visibility:
Public.

Description

gcc compiles `p + length < p' into 'length < 0' since pointer overflow is undefined behavior in C. This breaks the check against a large `length'. Use `length > pend - p' instead. There's no need to check `length < 0' since `length' is from length_decode() and should be non-negative. === Try the simplified code. void bar(void); void foo(unsigned char *p, int length) { if (p + length < p) bar(); } $ gcc -S -o - t.c -O2 ... foo: .LFB0: .cfi_startproc testl %esi, %esi js .L4 rep ret .L4: jmp bar .cfi_endproc Clearly `p' is not used at all.

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -2 lines) Patch
M src/libsec/port/x509.c View 1 chunk +1 line, -2 lines 0 comments Download

Messages

Total messages: 5
xi
11 years, 3 months ago (2013-01-31 07:31:37 UTC) #1
rsc
I don't understand what's wrong here either. Is it that length is unsigned and the ...
11 years, 3 months ago (2013-01-31 15:50:59 UTC) #2
xi
On 2013/01/31 15:50:59, rsc wrote: > I don't understand what's wrong here either. Is it ...
11 years, 1 month ago (2013-03-05 08:07:05 UTC) #3
rsc
*** Submitted as https://code.google.com/p/plan9port/source/detail?r=3cd53e993790 *** libsec: avoid undefined C gcc compiles `p + length < ...
11 years, 1 month ago (2013-03-19 18:35:20 UTC) #4
rsc
11 years, 1 month ago (2013-03-19 18:35:29 UTC) #5 
thanks. sorry for the long delay. drowning in mail.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b