Hi,
The function
[[
APR_DECLARE(apr_status_t) apr_mmap_offset(void **addr, apr_mmap_t *mmap,
                                          apr_off_t offset)
{
    if (offset < 0 || (apr_size_t)offset > mmap->size)
        return APR_EINVAL;
    (*addr) = (char *) mmap->mm + offset;
    return APR_SUCCESS;
}
]]
in common.c (which just contains this function)
contains 'a few' possible overflows on 32-bit operating systems.
The problem is the offset type, which is typically 64-bit.
The first check has a bad cast that doesn't handle overflows, and the address
computation at the bottom has a similar overflow.
Can somebody fix this when he is working in the code anyway?
(Probably easier to fix it in place than to write a patch)
Bert
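The truncation the mail describes, shown as an added example that is not part of the original message or of APR's own code. It models a 32-bit build explicitly (a 32-bit `size32_t` standing in for `apr_size_t`, a 64-bit `off64_t` standing in for `apr_off_t`, and a 32-bit unsigned value standing in for the mapping base pointer; all three are assumptions made so the behaviour reproduces on any host), puts the check as written next to a check that compares in the wide type, and models what the `(char *) mm + offset` addition does to a 32-bit pointer when a large offset slips past the truncating check:

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit build (assumption, not APR's headers): the size type is
 * 32 bits wide while the file offset type is 64 bits wide. */
typedef uint32_t size32_t;   /* stands in for apr_size_t on a 32-bit target */
typedef int64_t  off64_t;    /* stands in for apr_off_t */

/* Constructed status codes mirroring APR_SUCCESS / APR_EINVAL in the mail. */
enum { STATUS_SUCCESS = 0, STATUS_EINVAL = 22 };

/* The range check as it appears in the quoted function: the cast narrows the
 * 64-bit offset to 32 bits *before* the comparison, so any offset whose low
 * 32 bits are small (e.g. 0x1_0000_0010) wraps to a small value and passes. */
static int offset_check_truncating(off64_t offset, size32_t size)
{
    if (offset < 0 || (size32_t)offset > size)
        return STATUS_EINVAL;
    return STATUS_SUCCESS;
}

/* Corrected check: do the comparison in the wider type, so an offset that does
 * not even fit in the 32-bit size type is rejected instead of wrapped. The
 * `>` (rather than `>=`) is kept as in the original, so the one-past-the-end
 * offset is still accepted exactly as the quoted code accepts it. */
static int offset_check_wide(off64_t offset, size32_t size)
{
    if (offset < 0)
        return STATUS_EINVAL;
    if ((uint64_t)offset > (uint64_t)size)
        return STATUS_EINVAL;
    return STATUS_SUCCESS;
}

/* Model of `(char *) mmap->mm + offset` on a 32-bit pointer: the sum is
 * computed and then held in 32 bits, so the high half of the offset is lost
 * and the result lands a short distance past `base` rather than far outside
 * the mapping. `base` is a constructed 32-bit address, not a real pointer. */
static uint32_t address32_model(uint32_t base, off64_t offset)
{
    return (uint32_t)((uint64_t)base + (uint64_t)offset);
}

int main(void)
{
    const size32_t map_size   = 0x1000;        /* constructed 4 KiB mapping */
    const uint32_t map_base   = 0xBF000000u;   /* constructed base address  */
    const off64_t  bad_offset = 0x100000010LL; /* 4 GiB + 16: far out of range */

    printf("truncating check on 0x%llx: %s\n", (unsigned long long)bad_offset,
           offset_check_truncating(bad_offset, map_size) == STATUS_SUCCESS
               ? "ACCEPTED (bug)" : "rejected");
    printf("wide check on 0x%llx:       %s\n", (unsigned long long)bad_offset,
           offset_check_wide(bad_offset, map_size) == STATUS_SUCCESS
               ? "accepted" : "rejected (correct)");
    printf("32-bit address model: base 0x%08x + offset -> 0x%08x\n",
           map_base, address32_model(map_base, bad_offset));
    return 0;
}
```

Run on any host, the first line shows the truncating check letting a 4 GiB offset through against a 4 KiB mapping, the second shows the wide comparison rejecting it, and the third shows the modelled pointer sum wrapping to `base + 0x10`, i.e. an address inside the mapping that does not correspond to the requested offset. Both defects go away once the comparison and the addition are done in the 64-bit type and the result is checked before it is narrowed.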