Re: off by one bounds

• Previous message: Maxim Konovalov: "Re: off by one bounds"
• In reply to: Maxim Konovalov: "Re: off by one bounds"
• Next in thread: Maxim Konovalov: "Re: off by one bounds"
• Reply: Maxim Konovalov: "Re: off by one bounds"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 21 Aug 2004 05:00:01 -0400
To: Maxim Konovalov <maxim@macomnet.ru>

Maxim Konovalov wrote:
> On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
>
>> errors in freebsd 4.10 found by Coverity's analysis.
>
>> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
>
> If i == sizeof then mtutab[i] == 0

If "i == sizeof" then mtutab[i] is out of bounds, off by one.
There is no mtutab[sizeof mtutab / sizeof mtutab[0]].

This isn't specific to RELENG_4.

-- 
Skip
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

• Previous message: Maxim Konovalov: "Re: off by one bounds"
• In reply to: Maxim Konovalov: "Re: off by one bounds"
• Next in thread: Maxim Konovalov: "Re: off by one bounds"
• Reply: Maxim Konovalov: "Re: off by one bounds"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: INCLUDE_CONFIG_FILE in GENERIC (Was: msgbuf default size...) ... Maxim Konovalov wrote: ... helful. ... FreeBSD - The Power to Serve! ... (freebsd-arch) Re: off by one bounds ... Maxim Konovalov wrote: ... then mtutab is accessed out of bounds. ... To unsubscribe, ... (freebsd-hackers) Re: cvs commit: src/sys/netinet tcp_syncache.c ... On Thu, 24 Jan 2008, 17:20+0300, Maxim Konovalov wrote: ... It takes some time to obtain the dump -- I need to downgrade the ... -- FreeBSD ... (freebsd-net)