Re: off by one bounds
From: John Baldwin (jhb_at_FreeBSD.org)
Date: 08/23/04
- Previous message: John Baldwin: "Re: off by one bounds"
- In reply to: Maxim Konovalov: "Re: off by one bounds"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: freebsd-hackers@FreeBSD.org Date: Mon, 23 Aug 2004 15:13:13 -0400
On Saturday 21 August 2004 07:07 am, Maxim Konovalov wrote:
> On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote:
> > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote:
> > > Maxim Konovalov wrote:
> > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
> > > >> errors in freebsd 4.10 found by Coverity's analysis.
> > > >>
> > > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
> > > >
> > > > If i == sizeof then mtutab[i] == 0
> > >
> > > If "i == sizeof" then mtutab[i] is out of bounds, off by one.
> > > There is no mtutab[sizeof mtutab / sizeof mtutab[0]].
> > >
> > > This isn't specific to RELENG_4
>
> After the second thought I still think it is not a error. mtu is
> always >= than the minimal value in mtutab[] that is why i is always
> less than (sizeof mtutab) / sizeof mtutab[0]). What do you think?
It's better to fix the code so it doesn't break on unexpected inputs. :)
-- John Baldwin <jhb@FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: John Baldwin: "Re: off by one bounds"
- In reply to: Maxim Konovalov: "Re: off by one bounds"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
