[exim-dev] read/write 4 bytes from/to a short

Wed, 06 Oct 2021 08:27:37 -0700 

Hi all,

when compiling exim with gcc 11.1, it complains (correctly, I would
say) about a few read/write operations overflowing the struct member to
read/write:

  deliver.c:2415 - address_item.transport_return is a short int
  deliver.c:2421 - address_item.special_action also
  deliver.c:2489 - same

A simple patch is attached. What do you think?

Regards,
Torsten


diff --color -urN exim-4.95/src/deliver.c exim-4.95.patched/src/deliver.c
--- exim-4.95/src/deliver.c	2021-09-28 10:24:46.000000000 +0200
+++ exim-4.95.patched/src/deliver.c	2021-10-06 09:06:41.805935776 +0200
@@ -2411,14 +2411,15 @@
     int local_part_length = Ustrlen(addr2->local_part);
     uschar *s;
     int ret;
+    int tmp1 = addr2->transport_return, tmp2 = addr2->special_action;
 
-    if(  (ret = write(pfd[pipe_write], &addr2->transport_return, sizeof(int))) != sizeof(int)
+    if(  (ret = write(pfd[pipe_write], &tmp1, sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &transport_count, sizeof(transport_count))) != sizeof(transport_count)
       || (ret = write(pfd[pipe_write], &addr2->flags, sizeof(addr2->flags))) != sizeof(addr2->flags)
       || (ret = write(pfd[pipe_write], &addr2->basic_errno,    sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->more_errno,     sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->delivery_time,  sizeof(struct timeval))) != sizeof(struct timeval)
-      || (ret = write(pfd[pipe_write], &addr2->special_action, sizeof(int))) != sizeof(int)
+      || (ret = write(pfd[pipe_write], &tmp2, sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->transport,
         sizeof(transport_instance *))) != sizeof(transport_instance *)
 
@@ -2476,7 +2477,7 @@
   {
   if ((len = read(pfd[pipe_read], &status, sizeof(int))) > 0)
     {
-    int i;
+    int i, tmp;
     uschar **sptr;
 
     addr2->transport_return = status;
@@ -2486,7 +2487,8 @@
     len = read(pfd[pipe_read], &addr2->basic_errno,    sizeof(int));
     len = read(pfd[pipe_read], &addr2->more_errno,     sizeof(int));
     len = read(pfd[pipe_read], &addr2->delivery_time,  sizeof(struct timeval));
-    len = read(pfd[pipe_read], &addr2->special_action, sizeof(int));
+    len = read(pfd[pipe_read], &tmp, sizeof(int));
+    addr2->special_action = (short)tmp;
     len = read(pfd[pipe_read], &addr2->transport,
       sizeof(transport_instance *));
 

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to