Martin Koegler <martin.koegler@xxxxxxxxx> writes: > From: Martin Koegler <martin.koegler@xxxxxxxxx> > > Signed-off-by: Martin Koegler <martin.koegler@xxxxxxxxx> > --- > Applies on top of my size_t series > > I'm not sure, if die or error is better. As there is no fallback when we hit it, die would be sufficient; the only thing the callers of this helper, or their callers, could do is as a reaction to an error return from here would be to die themselves, I would think. > delta.h | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/delta.h b/delta.h > index 2df0f55..18a4983 100644 > --- a/delta.h > +++ b/delta.h > @@ -96,6 +96,11 @@ static inline size_t get_delta_hdr_size(const unsigned char **datap, > cmd = *data++; > size |= (cmd & 0x7f) << i; > i += 7; > + if (bitsizeof(size_t) <= i) { > + error("too large object size"); > + size = 0; > + break; > + } > } while (cmd & 0x80 && data < top); > *datap = data; > return size;
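Review bot: the new `if (bitsizeof(size_t) <= i)` test in get_delta_hdr_size() runs right after `i += 7`, before the loop condition has looked at `cmd & 0x80`, so it also fires on the final byte of a header that has no continuation bit. With a 32-bit size_t, `i` reaches 35 after the fifth byte, which means any size that needs bits 28..31 is reported as "too large object size" even though it fits. Consider testing the bound only when another byte is going to be consumed (for example at the top of the loop body, before the shift), and separately checking that `(cmd & 0x7f) << i` does not drop high bits of the last byte, since those are lost silently as written. On the error path, `size = 0; break;` hands the caller a value it cannot tell apart from a genuine zero-length header and leaves `*datap` pointing into the middle of the header; if the function keeps returning instead of calling die(), the callers need some way to see the failure.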