Hi Xin Li, Sorry to reply to an old commit.
On Tue, Nov 21, 2017 at 12:14 AM Xin LI <delp...@freebsd.org> wrote: > > Author: delphij > Date: Tue Nov 21 08:14:30 2017 > New Revision: 326052 > URL: https://svnweb.freebsd.org/changeset/base/326052 > > Log: > Support SIGINFO. > ... > --- head/usr.bin/gzip/unpack.c Tue Nov 21 07:35:29 2017 (r326051) > +++ head/usr.bin/gzip/unpack.c Tue Nov 21 08:14:30 2017 (r326052) > ... > @@ -152,6 +155,9 @@ unpack_parse_header(int in, int out, char *pre, size_t > ssize_t bytesread; /* Bytes read from the file */ > int i, j, thisbyte; > > + if (prelen > sizeof hdr) > + maybe_err("prelen too long"); This check should perhaps be >=, rather than >. > + > /* Prepend the header buffer if we already read some data */ > if (prelen != 0) > memcpy(hdr, pre, prelen); > @@ -160,6 +166,7 @@ unpack_parse_header(int in, int out, char *pre, size_t > bytesread = read(in, hdr + prelen, PACK_HEADER_LENGTH - prelen); In the case where prelen == sizeof(hdr), we invoke read(, pointer past end of hdr, 0) above. This should have no effect, but looks unintended, and tickles Coverity (CID 1383554). > if (bytesread < 0) > maybe_err("Error reading pack header"); Best, Conrad _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"