From owner-svn-src-head@freebsd.org Wed Mar 11 21:09:04 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0E3C926AB43; Wed, 11 Mar 2020 21:09:04 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48d4MM5DYvz4MHQ; Wed, 11 Mar 2020 21:09:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from odin.corp.delphij.net (unknown [IPv6:2601:646:8600:58ba:3030:219a:bc3:27a4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: delphij/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id E380A2EA7F; Wed, 11 Mar 2020 21:09:02 +0000 (UTC) (envelope-from delphij@FreeBSD.org) From: Xin Li Subject: Re: svn commit: r326052 - head/usr.bin/gzip To: cem@freebsd.org Cc: src-committers , svn-src-all , svn-src-head References: <201711210814.vAL8EUgM047088@repo.freebsd.org> Autocrypt: addr=delphij@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFuSR4oBEACvvEgwRIHs6IcSP/yaDtySF78Ji3rP29qdiQsxhMsOtvtffdbS56VApIWO UFb3/iN2gA8HwLvrmjijN0HEoLVX7na1WARmxRYzQMtApsZIUTtx7hnUYlsi2F5odZa6CDW9 a954DLRzYxiUwYDcu5Zjl9bglK1H8e/N9uC0Vuigr4teWfh86brzOyf819QzwFVYfMIK4ihw QGwMvTzbyVuCFy+LENkmcVYni70oQy6rZ5ktSuYbuOFvu7inRRfhSWPHziV7k+bW88sJ7xhv lBlegcnhkSudWX2M8tZ3MO1PJOcyys0CJlsBY5Weiog2lIPi05h/E9pZ9mc1Vud17iqDaL6w RaggOUhuPfDGCdO5ro82W4BZGeQMRnRF5Ntk+t2ShIH4nn3xRLV0E5nziCiKlgiMqOrz/ZTL QTVbHrCuiwD+fSK14y0oHbkOLYTYLlgh1JbwfY2Ty7elOYiWzyeJ7sJh2dF91NSEneWIOys3 mBpuvtU3nSzzTvAB48VV+Nbg1CpIOgNlPjj7uhIum/Z/VjUaJEyaLpTIRh0MVJVcbP7hXSqZ NA35EEZZVnWEOYdycm4CmEdeNPWkrAf2Ya77iR5VLGypwMlsUMQPh+sKVWDD38M8stFGBBNm d01Hi74Bsq5hKan654dOqMt5eYklrVj0ucMzFQtus7oE502UswARAQABtBxYaW4gTEkgPGRl bHBoaWpARnJlZUJTRC5vcmc+iQJXBBMBCgBBAhsDBQkJroQABQsJCAcDBRUKCQgLBRYCAwEA Ah4BAheAFiEEceNg5NEMZIki80nQQHl/fJX0g08FAluSUkoCGQEACgkQQHl/fJX0g08OIxAA pcCm2QCi6IM0o5N5ro5rTodh2rlMuf31TTYBjdf9laZvpnA8a80XBLgx7bxASxH0EOaxcJZk Hl6D0Ex8jcrwOoe9kmbzJ1ZrqBBJBup+mTrf4SwRceSqo6OGHrun8C6kOnq4X62RsvJ9j9nU PqowhXJ4zZHNk9ZXLDzWbrNvYNXxhb+GgK5SniIKMM5Jw/qlMYvxaiIwnS5So+UzIbNsycnk CLbzZxE0d9pe97G3zDvCCwUYoo6LmSx7R20yRnGgO0BlvTPHeWn5WtK1ku3aiarHJW7mRMbD 617GLdc2vuT3bDSd3XwQztgZdiOZkYCdNZVQvuOqMdTtg+phCoQyvEB0+OWoIc/9Cam826nG lazUzURU/FNKJMcxP+1eFI+D/Kl8lpLTtmcjZNbmxeYR2OG6gz7fkyX2D3Is7GEcxuAi6j8f 3OpyFxb9IX4ZsP54/C41bzbcZtQgsU30Ptp/AhJpThHzYHrskfIcLNdmu2ngD5GvrBNX/x4W dO0SgI8tsdY7UQqU9IMWYdkVP8smIUDypMS5x/VZe47afq+VxACOhL0hSixWJDt6Rbl/4iyM EE6Cgu3/YAWQhAK7B97wJj5vPxqdAtPQjkUZGtlTOJWm/NIf4MCYjoHlfan07zatzJ2XF6y6 XcRiCQXULUYpshhY7mXOTSHXZ8n6HB+Z1ri5Ag0EW5JHigEQANiBmIFAfRNH3nzYNWC0yC+t fx3zsUwAsH1VaBM/cTib+yKtbBOSIlXWjJZWX3MHwoI/1LeGghB2mxkkX1L0pJ/vj1eXNR+s FZ320pYcl61Fxg/5fioG4QDTM4i3i7NR5PxDnc6UVaynSlII93DedRhZ1ROtdn4vyMgzsDiq hbL7BthDOt5KxjqdRk4qRPSw7BovEqZLOcG5IJtf/zZUzRbM7SBljEbOAfekDGx1Br+RrYSD 7/EfPwwzou9T8315IpBpIHyQF/dZNk3iFiB9Ed5CA71ZRYV5YoLWE9lL0j9kxOLQ5vHnX3mV q7QZBc7nzwZ6UhQgYmrG5+RWvuiPpGwvDRIsugJUGXucYkAQh5kuNblmkwpv6u9rNMjCNbzA ylOaqdogra5EW+RUSbRz0b4iIr8nnZeAlh7BihCe7JjOwbDjoBEEEtSfVc4hD/LENqpcYVrC hphfaOLB9YIXhnVDTVvMc9OklWT/81HzAaDQqOQCzEfY92199Ct9/CwRoQ2OpO8TO5+8A7b9 Nb33nmxMn09mb48ruRacMrfHxCWbgU4w9SEfbip4GcS5wGG6yTC+hw55Iwnnwus40NrJ0GEr 8a4rcdsLbkvlyoNHB8ZGgyJ4aFCQ1V4qE1BnlTk7Z8BYBUkJM1odPSkVvHpCnMUjVpJ3hEOC +73ZYH1dh7lZABEBAAGJAjwEGAEKACYWIQRx42Dk0QxkiSLzSdBAeX98lfSDTwUCW5JHigIb DAUJCa6EAAAKCRBAeX98lfSDTz8DEACMh3poeUb+gWNF4RWFZuLteZVo0+E1JLYXQkmtrRBL XviP+Qy0pXyFAVxLM4hNIBoIDYfK9BcwrBYf7AwSKrH0GiNwFpgHCkbZd6qoZy2gB+adTnCp VCTJKJetsH/8awkrChJWMK0ckGf3EeWMPvawG7kW7FBz70NYEZ0pOMiaEZNVtzD3wwbYWUiD FYth83XGglOExg+1ShTW5XjQPRrdyJAO+aUW4o3lVjfyUJXMgI4rmhMiLVm06GuNrbpKIF0s +4VdjQAjhrDQjfoXi9CkfsA/cONseuHNv1JGj3RqHiqHJq1dbrpodXp925zGDAnUGxCOBPoF opAHgVzR89GTut059GpwqsddZmU6y7rqifuam/ekJ+QRwc16vgt7pHqCrTY8WPxRZr2UpFU1 wlToCOdeiFep1gq1F9jzFjJnoMaAdmC6k7bgAA+RQusOgIhJL0jIej7DoAHxmxFFCfRy+lDt pXwFgQ8HMvzHI65QWmQnMo7s6SQH/ZH5s1yR6SJq8+3lDz+dCuT42qJVqIPVvxd10LW0FNN+ t7HFeLadU6ekSgD13/EYMYXlvNHkw7dAItSDxIzgRyykLz0bCU9xwNWoS4Z43+ifF9anJ+uR 0ltWEl1j++h6ZrD3LLuCgJIt1so0m49GzdcSpOI7LCwMlacyvafiEyjUn+tSNDsnfw== Organization: The FreeBSD Project Message-ID: <3e0f2ee3-5406-76ae-9042-4edd9301db23@FreeBSD.org> Date: Wed, 11 Mar 2020 14:09:00 -0700 User-Agent: Thunderbird MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rkFxnE0IqRTRPJcY9ZbwJJI5dOMJIYTzL" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2020 21:09:04 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rkFxnE0IqRTRPJcY9ZbwJJI5dOMJIYTzL Content-Type: multipart/mixed; boundary="impGTs6glpXYcbLNKmoQ07PPD9lZi9D3J"; protected-headers="v1" From: Xin Li To: cem@freebsd.org Cc: src-committers , svn-src-all , svn-src-head Message-ID: <3e0f2ee3-5406-76ae-9042-4edd9301db23@FreeBSD.org> Subject: Re: svn commit: r326052 - head/usr.bin/gzip References: <201711210814.vAL8EUgM047088@repo.freebsd.org> In-Reply-To: --impGTs6glpXYcbLNKmoQ07PPD9lZi9D3J Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 3/10/20 18:26, Conrad Meyer wrote: > Hi Xin Li, >=20 > Sorry to reply to an old commit. >=20 > On Tue, Nov 21, 2017 at 12:14 AM Xin LI wrote: >> >> Author: delphij >> Date: Tue Nov 21 08:14:30 2017 >> New Revision: 326052 >> URL: https://svnweb.freebsd.org/changeset/base/326052 >> >> Log: >> Support SIGINFO. >> ... >> --- head/usr.bin/gzip/unpack.c Tue Nov 21 07:35:29 2017 (r3260= 51) >> +++ head/usr.bin/gzip/unpack.c Tue Nov 21 08:14:30 2017 (r3260= 52) >> ... >> @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, si= ze_t >> ssize_t bytesread; /* Bytes read from the file */= >> int i, j, thisbyte; >> >> + if (prelen > sizeof hdr) >> + maybe_err("prelen too long"); >=20 > This check should perhaps be >=3D, rather than >. >=20 >> + >> /* Prepend the header buffer if we already read some data */ >> if (prelen !=3D 0) >> memcpy(hdr, pre, prelen); >> @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, si= ze_t >> bytesread =3D read(in, hdr + prelen, PACK_HEADER_LENGTH - prel= en); >=20 > In the case where prelen =3D=3D sizeof(hdr), we invoke read(, pointer p= ast > end of hdr, 0) above. This should have no effect, but looks > unintended, and tickles Coverity (CID 1383554). Thanks for the analysis. It seems that this is a false positive because the situation can never happen with the current code (the passed prelen has to be either 0 or 4). I've created a changeset at: https://reviews.freebsd.org/D24034 to address it. Cheers, --impGTs6glpXYcbLNKmoQ07PPD9lZi9D3J-- --rkFxnE0IqRTRPJcY9ZbwJJI5dOMJIYTzL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.2.19 (Darwin) iQIzBAEBCgAdFiEEceNg5NEMZIki80nQQHl/fJX0g08FAl5pU20ACgkQQHl/fJX0 g0+JmQ//VgudTnNlDVjUPvCkEcpR5a0JJdVYkPa+8czUMBNw//AzKwOpgK7vfOA9 8ytYk+RDfDlu57cuSPdUuAHUcOi0iZFEVD8iIbGDawruAt1Oo3fi6pKD5HQRWG4j PJpibiSuStmCexoPyVdV7KE0IIh/ozDZHqyhbRF9woqHfMmTj4KnjXgAcB3XbG87 d0QD4mqBiNt/yEy2oEvOWFP+09tYeCsny7PmV91XtV2D9lSYrZ+AFUX+OXo3yqbt gS+f0VBdafJ04u9C+uk5g0s6qi2fWLcaD+jyDL2iZllZ1Z5PR0gBYhgaSDVjBY7o oDKYg6OmaPBrUh9piM/yqnMnBham6a/5KR6rJFm3ebJq/E6I/z3L9h217ULv75kM vQ6BkXlGiAhULHXZzxmOGPuJFp3otatllauKLLQOAj0VST8L/zOhnO1HGYlaJAWX 4WFM2q7mH8sLqgjqZv2cAKde2/JFISPqqYvjoJLx/hVKYyYSfb20NGrXD661bk6S aSxp48QkilnLAYyYWB9uaHcD4xGJy3dm0LFLl+g1ATKf2ckM1hmnfdEFzJEOBk/K 5YhFGbivZt5GJzrslCcANTSe/+mYtrXAY3hAZ6W5CAPS1of36QROSFm3odDrS1fe /QoA1+OGMZKiovw4CpNHhzHTYO3pcsKEETX49UBGV3tIy/s6L5A= =dWwZ -----END PGP SIGNATURE----- --rkFxnE0IqRTRPJcY9ZbwJJI5dOMJIYTzL--