Page MenuHomeFreeBSD
Differential D7897

bspatch: add integer overflow checks
ClosedPublic
Actions

Authored by emaste on Sep 14 2016, 9:12 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 26, 8:26 PM
Unknown Object (File)
Fri, Jan 24, 9:59 AM
Unknown Object (File)
Jan 12 2025, 4:30 AM
Unknown Object (File)
Dec 13 2024, 1:02 AM
Unknown Object (File)
Dec 12 2024, 4:34 AM
Unknown Object (File)
Nov 19 2024, 2:12 AM
Unknown Object (File)
Nov 16 2024, 12:59 PM
Unknown Object (File)
Oct 26 2024, 5:29 AM
View All 59 Files
Subscribers
gordon
imp

Details

Reviewers
kib
allanjude
delphij
cperciva
Commits
rS352742: bspatch: add integer overflow checks
Summary

Introduce a new add_off_t static function that exits with an error message if there's an overflow, otherwise returns their sum. Use this when adding values obtained from the input patch.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste updated this revision to Diff 20356.Sep 14 2016, 9:12 PM
emaste retitled this revision from to bspatch: add integer overflow checks.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: allanjude, delphij, cperciva, kib.
emaste added a parent revision: D7861: bspatch: use sizeof(header) rather than hardcoded size.
kib added inline comments.Sep 15 2016, 8:32 AM
usr.bin/bsdiff/bspatch/bspatch.c
78 ↗(On Diff #20356)

Is this variant of the code so much better than explicit overflow checks below that it warrants coding the same check twice ? You need to do the explicit check anyway, so why bother ?

What can be done, instead, is to add e.g. sys/cdefs.h macro ADD_OF_CHECKED(a,b,result) and make this functionality generally useful, to avoid open-coding the same fragment several times. typeof() macro or generic C11 facility would allow to make that type-neutral.

kib added inline comments.Sep 15 2016, 8:33 AM
usr.bin/bsdiff/bspatch/bspatch.c
78 ↗(On Diff #20356)

Or may be sys/param.h is better place.

emaste added inline comments.Sep 15 2016, 2:36 PM
usr.bin/bsdiff/bspatch/bspatch.c
78 ↗(On Diff #20356)

We could do away with the bzctrllen > OFF_MAX - HEADER_SIZE, bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen and bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen checks if we were so inclined.

This approach is harder to get wrong (by missing an explicit overflow check), and is resilient to future changes in variable types.

emaste added a subscriber: gordon.Apr 21 2018, 3:12 AM
allanjude accepted this revision.Apr 21 2018, 3:26 AM
This revision is now accepted and ready to land.Apr 21 2018, 3:26 AM
delphij added a comment.Apr 21 2018, 5:56 AM

Looks good to me in principal.

usr.bin/bsdiff/bspatch/bspatch.c
70 ↗(On Diff #20356)

Maybe inline?

emaste updated this revision to Diff 60902.Aug 16 2019, 6:45 PM

rebase, add inline as suggested by @delphij

This revision now requires review to proceed.Aug 16 2019, 6:45 PM
delphij accepted this revision.Aug 16 2019, 8:47 PM
This revision is now accepted and ready to land.Aug 16 2019, 8:47 PM
Closed by commit rS352742: bspatch: add integer overflow checks (authored by emaste). · Explain WhySep 26 2019, 1:27 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rS352742: bspatch: add integer overflow checks.
Herald added a subscriber: imp. · View Herald TranscriptSep 26 2019, 1:27 PM

Revision Contents
Changeset List

PathSize
head/
usr.bin/
bsdiff/
bspatch/
35 lines

Diff 62587

View Options

head/usr.bin/bsdiff/bspatch/bspatch.c

Loading...