Hi,

The function

[[
APR_DECLARE(apr_status_t) apr_mmap_offset(void **addr, apr_mmap_t *mmap,
                                          apr_off_t offset)
{
    if (offset < 0 || (apr_size_t)offset > mmap->size)
        return APR_EINVAL;

    (*addr) = (char *) mmap->mm + offset;

    return APR_SUCCESS;
}
]]

in common.c (which just contains this function) contains 'a few' possible overflows on 32-bit operating systems. The problem is the offset type, which is typically 64-bit. The first check has a bad cast that doesn't handle overflows, and the address computation at the bottom has a similar overflow.

Can somebody fix this when he is working in the code anyway? (Probably easier to fix it in place than to write a patch.)

Bert
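The truncation Bert describes, shown as an added example that is not APR's code and not part of the original message. It models the 32-bit build with fixed-width typedefs (off_t64 for apr_off_t, size_t32 for apr_size_t, struct mmap32 for the relevant fields of apr_mmap_t; all names are assumed for the demonstration) so the same behaviour reproduces on a 64-bit host. The posted check is reproduced beside a hardened variant that widens the size to the offset's width instead of narrowing the offset; the inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not APR's code. On a 32-bit build apr_off_t is a signed
 * 64-bit type and apr_size_t an unsigned 32-bit type; fixed-width typedefs
 * keep the demonstration identical on 64-bit hosts. */
typedef int64_t  off_t64;    /* stands in for apr_off_t */
typedef uint32_t size_t32;   /* stands in for apr_size_t on a 32-bit build */

/* Minimal stand-in for apr_mmap_t: the backing memory and its mapped length. */
struct mmap32 {
    unsigned char *mm;
    size_t32       size;
};

/* The check as posted. The cast truncates offset to its low 32 bits before the
 * comparison, so any offset whose low 32 bits are <= size is accepted no
 * matter how large the full value is. Returns 1 when accepted. */
static int offset_check_posted(const struct mmap32 *m, off_t64 offset)
{
    if (offset < 0 || (size_t32)offset > m->size)
        return 0;
    return 1;
}

/* Hardened check: widen size to the offset's width rather than narrowing the
 * offset. offset is already known to be non-negative, so the conversion to
 * uint64_t is value-preserving, and an accepted offset is guaranteed to fit in
 * size_t32, which is what makes the later pointer arithmetic safe. */
static int offset_check_fixed(const struct mmap32 *m, off_t64 offset)
{
    if (offset < 0 || (uint64_t)offset > (uint64_t)m->size)
        return 0;
    return 1;
}

/* Address resolution through the hardened check only; NULL on rejection.
 * Keeps the posted function's `>`, so offset == size yields a one-past-the-end
 * pointer that must not be dereferenced. */
static unsigned char *mmap_offset_fixed(const struct mmap32 *m, off_t64 offset)
{
    if (!offset_check_fixed(m, offset))
        return NULL;
    return m->mm + (size_t32)offset;   /* offset <= size, so no truncation */
}

/* Constructed 4 KiB "mapping" shared by the probe helpers below. */
static struct mmap32 demo_mapping(void)
{
    static unsigned char backing[4096];
    struct mmap32 m = { backing, (size_t32)sizeof backing };
    return m;
}

static int demo_posted(off_t64 offset)
{
    struct mmap32 m = demo_mapping();
    return offset_check_posted(&m, offset);
}

static int demo_fixed(off_t64 offset)
{
    struct mmap32 m = demo_mapping();
    return offset_check_fixed(&m, offset);
}

/* Byte distance of the resolved address from the start of the mapping, or -1
 * if the hardened path rejected the offset. */
static long demo_fixed_delta(off_t64 offset)
{
    struct mmap32 m = demo_mapping();
    unsigned char *p = mmap_offset_fixed(&m, offset);
    return p ? (long)(p - m.mm) : -1L;
}

int main(void)
{
    /* Constructed probes: in range, exactly at the end, one past the end,
     * a value whose low 32 bits are small but which lies 4 GiB beyond the
     * mapping, and a negative offset. */
    off_t64 probes[] = { 16, 4096, 4097, ((off_t64)1 << 32) | 16, -1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("offset=%lld posted=%d fixed=%d\n", (long long)probes[i],
               demo_posted(probes[i]), demo_fixed(probes[i]));
    }
    return 0;
}
```

The interesting probe is ((off_t64)1 << 32) | 16: the posted check sees it as 16 and accepts it, while the widened comparison rejects it. Once the check is done in the wider type, the second overflow Bert mentions (in `mm + offset`) cannot occur either, because every accepted offset is at most `size`.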