Date: Thu, 21 Mar 2013 17:16:57 +0100 From: Tijl Coosemans <tijl@coosemans.org> To: Tijl Coosemans <tijl@FreeBSD.org> Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-9@freebsd.org Subject: Re: svn commit: r248587 - stable/9/sys/kern Message-ID: <514B3279.7010404@coosemans.org> In-Reply-To: <201303211615.r2LGFZOj038244@svn.freebsd.org> References: <201303211615.r2LGFZOj038244@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-03-21 17:15, Tijl Coosemans wrote: > Author: tijl > Date: Thu Mar 21 16:15:34 2013 > New Revision: 248587 > URL: http://svnweb.freebsd.org/changeset/base/248587 > > Log: > - Fix two possible overflows when testing if ELF program headers are on > the first page: > 1. Cast uint16_t operands in a multiplication to unsigned int because > otherwise the implicit promotion to int results in a signed > multiplication that can overflow and the behaviour on integer > overflow is undefined. > 2. Replace (offset + size > PAGE_SIZE) with (size > PAGE_SIZE - offset) > because the sum may overflow. > - Use the same tests to see if the path to the interpreter is on the first > page. There's no overflow here because size is already limited by > MAXPATHLEN, but the compiler optimises the new tests better. Also fix an > off-by-one error. > - Simplify tests to see if an ELF note program header is on the first page. > This also fixes an off-by-one error. > > Reviewed by: kib Forgot to mention: MFC r248256
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?514B3279.7010404>