Module Name: src Committed By: christos Date: Thu Apr 13 17:45:56 UTC 2017
Modified Files: src/lib/libc/gen: humanize_number.c Log Message: Fix out of bounds read for very large numbers (pointed out by Brooks Davis) https://svnweb.freebsd.org/changeset/base/316766 To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/lib/libc/gen/humanize_number.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/humanize_number.c
diff -u src/lib/libc/gen/humanize_number.c:1.16 src/lib/libc/gen/humanize_number.c:1.17
--- src/lib/libc/gen/humanize_number.c:1.16 Sat Mar 17 16:01:14 2012
+++ src/lib/libc/gen/humanize_number.c Thu Apr 13 13:45:56 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: humanize_number.c,v 1.16 2012/03/17 20:01:14 christos Exp $ */
+/* $NetBSD: humanize_number.c,v 1.17 2017/04/13 17:45:56 christos Exp $ */
 /*
 * Copyright (c) 1997, 1998, 1999, 2002 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: humanize_number.c,v 1.16 2012/03/17 20:01:14 christos Exp $");
+__RCSID("$NetBSD: humanize_number.c,v 1.17 2017/04/13 17:45:56 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 #include "namespace.h"
@@ -76,9 +76,9 @@ humanize_number(char *buf, size_t len, i
 }
 #define SCALE2PREFIX(scale) (&prefixes[(scale) << 1])
- maxscale = 7;
+ maxscale = 6;
- if ((size_t)scale >= maxscale &&
+ if ((size_t)scale > maxscale &&
 (scale & (HN_AUTOSCALE | HN_GETSCALE)) == 0)
 return (-1);
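Review bot: In the third hunk, `maxscale = 6;` is a bare literal whose meaning has silently changed from an exclusive limit (`>= maxscale`) to the highest valid index (`> maxscale`), and nothing ties it to the size of the `prefixes` table that `SCALE2PREFIX` indexes. The table and the rest of `humanize_number` are outside the hunk, so every other use of `maxscale` (presumably the autoscale loop bound) needs to be read as inclusive as well; one use left over with the old exclusive meaning would reintroduce the out-of-bounds read this commit fixes. I would record the invariant at the assignment, for example `maxscale = 6;	/* highest valid SCALE2PREFIX() index; prefixes holds maxscale + 1 entries */`. Separately, `(size_t)scale` turns a negative `scale` into a very large value, and such a value then passes or fails only on the flag test; it is worth confirming that the code after the hunk does not index with it.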