git: 5260fbcebdfc - main - fix check for integer

Sun, 30 Jan 2022 08:29:10 -0800 

The branch main has been updated by wosch:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a

commit 5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a
Author:     Wolfram Schneider <wo...@freebsd.org>
AuthorDate: 2022-01-30 16:27:27 +0000
Commit:     Wolfram Schneider <wo...@freebsd.org>
CommitDate: 2022-01-30 16:27:27 +0000

    fix check for integer
    
    For historical reasons, the integer is stored with an offset of plus 14.
    That means, for a given max path length of 1024 the valid values
    are -1009 .. 1037 and not -1023 .. 1023
    
    PR: 201243
---
 usr.bin/locate/locate/util.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/usr.bin/locate/locate/util.c b/usr.bin/locate/locate/util.c
index ff64b5a952d3..77d8f7e58079 100644
--- a/usr.bin/locate/locate/util.c
+++ b/usr.bin/locate/locate/util.c
@@ -223,16 +223,20 @@ getwm(p)
        } u;
        register int i, hi;
 
+       /* the integer is stored by an offset of 14 (!!!) */
+        int i_max = MAXPATHLEN + OFFSET;
+        int i_min = -(MAXPATHLEN - OFFSET);
+
        for (i = 0; i < (int)INTSIZE; i++)
                u.buf[i] = *p++;
 
        i = u.i;
 
-       if (i > MAXPATHLEN || i < -(MAXPATHLEN)) {
+       if (i >= i_max || i <= i_min) {
                hi = ntohl(i);
-               if (hi > MAXPATHLEN || hi < -(MAXPATHLEN))
-                       errx(1, "integer out of +-MAXPATHLEN (%d): %u",
-                           MAXPATHLEN, abs(i) < abs(hi) ? i : hi);
+               if (hi >= i_max || hi <= i_min)
+                       errx(1, "integer out of range: %d < %d < %d",
+                           i_min, abs(i) < abs(hi) ? i : hi, i_max);
                return(hi);
        }
        return(i);
@@ -251,14 +255,16 @@ getwf(fp)
        FILE *fp;
 {
        register int word, hword;
+        int i_max = MAXPATHLEN + OFFSET;
+        int i_min = -(MAXPATHLEN - OFFSET);
 
        word = getw(fp);
 
-       if (word > MAXPATHLEN || word < -(MAXPATHLEN)) {
+       if (word >= i_max || word <= i_min) {
                hword = ntohl(word);
-               if (hword > MAXPATHLEN || hword < -(MAXPATHLEN))
-                       errx(1, "integer out of +-MAXPATHLEN (%d): %u",
-                           MAXPATHLEN, abs(word) < abs(hword) ? word : hword);
+               if (hword >= i_max || hword <= i_min)
+                       errx(1, "integer out of range: %d < %d < %d",
+                           i_min, abs(word) < abs(hword) ? word : hword, 
i_max);
                return(hword);
        }
        return(word);

Reply via email to