https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204230
Bug ID: 204230
Summary: [patch] bsdiff(1) - check file size against SIZE_MAX
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: [email protected]
Reporter: [email protected]
Keywords: patch
Created attachment 162714
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=162714&action=edit
proposed fix
When bsdiff opens binary files, it does not properly check if the file size
(off_t 64 bit) is larger than theoretical maximum memory size (size_t 64 or
just 32 bit).
Files that large won't work with the current code, because they clearly run out
of memory. But due to +1 calculation, the integer value can overflow and binary
data is written into unallocated memory (0 bytes), crashing the application.
The fix is simple: If file is too large, handle it as an I/O error.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
