Le 06/12/2019 à 08:49, m...@netbsd.org a écrit :
> On Fri, Dec 06, 2019 at 07:27:07AM +0000, Maxime Villard wrote:
>> Log Message:
>> Minor changes, reported by the LGTM bot.
>
> Would be nice if the commit message was "address some integer overflows"
> or something.
Except that it does not address integer overflows? Rather an undefined
behavior if the pointer overflows; this would have probably caused an
ugly crash instead of a clean panic.
>> @@ -2205,7 +2205,7 @@ m_verify_packet(struct mbuf *m)
>>
>> dat = n->m_data;
>> len = n->m_len;
>> - if (__predict_false(dat + len < dat)) {
>> + if (__predict_false(len < 0)) {
>> panic("%s: incorrect length (len = %d)", __func__, len);
>> }
>>
>>
>
> Hmm, was it trying to check that adding the two numbers together didn't
> produce an overflow? (Not valid, but has a different meaning)
It meant to test both whether len was negative or too big; now it just
tests negative. Too big is actually useless here.
