svn commit: r270256 - in head: bin/ed libexec/rtld-elf usr.bin/mail

Wed, 20 Aug 2014 19:41:01 -0700 

Author: pfg
Date: Thu Aug 21 02:40:33 2014
New Revision: 270256
URL: http://svnweb.freebsd.org/changeset/base/270256

Log:
  Always check the limits of array index variables before using them.
  
  Obtained from:        DragonFlyBSD
  MFC after:    1 week

Modified:
  head/bin/ed/cbc.c
  head/libexec/rtld-elf/libmap.c
  head/usr.bin/mail/edit.c

Modified: head/bin/ed/cbc.c
==============================================================================
--- head/bin/ed/cbc.c   Thu Aug 21 01:07:27 2014        (r270255)
+++ head/bin/ed/cbc.c   Thu Aug 21 02:40:33 2014        (r270256)
@@ -237,7 +237,7 @@ expand_des_key(char *obuf, char *kbuf)
                /*
                 * now translate it, bombing on any illegal hex digit
                 */
-               for (i = 0; kbuf[i] && i < 16; i++)
+               for (i = 0; i < 16 && kbuf[i]; i++)
                        if ((nbuf[i] = hex_to_binary((int) kbuf[i], 16)) == -1)
                                des_error("bad hex digit in key");
                while (i < 16)

Modified: head/libexec/rtld-elf/libmap.c
==============================================================================
--- head/libexec/rtld-elf/libmap.c      Thu Aug 21 01:07:27 2014        
(r270255)
+++ head/libexec/rtld-elf/libmap.c      Thu Aug 21 02:40:33 2014        
(r270256)
@@ -216,14 +216,14 @@ lmc_parse(char *lm_p, size_t lm_len)
        p = NULL;
        while (cnt < lm_len) {
                i = 0;
-               while (lm_p[cnt] != '\n' && cnt < lm_len &&
+               while (cnt < lm_len && lm_p[cnt] != '\n' &&
                    i < sizeof(line) - 1) {
                        line[i] = lm_p[cnt];
                        cnt++;
                        i++;
                }
                line[i] = '\0';
-               while (lm_p[cnt] != '\n' && cnt < lm_len)
+               while (cnt < lm_len && lm_p[cnt] != '\n')
                        cnt++;
                /* skip over nl */
                cnt++;

Modified: head/usr.bin/mail/edit.c
==============================================================================
--- head/usr.bin/mail/edit.c    Thu Aug 21 01:07:27 2014        (r270255)
+++ head/usr.bin/mail/edit.c    Thu Aug 21 02:40:33 2014        (r270256)
@@ -81,7 +81,7 @@ edit1(int *msgvec, int type)
        /*
         * Deal with each message to be edited . . .
         */
-       for (i = 0; msgvec[i] && i < msgCount; i++) {
+       for (i = 0; i < msgCount && msgvec[i]; i++) {
                sig_t sigint;
 
                if (i > 0) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to