Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > > > > > errors in freebsd 4.10 found by Coverity's analysis. > > > > > > > > > ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 > > > > > > > > If i == sizeof then mtutab[i] == 0 > > > > > > If "i == sizeof" then mtutab[i] is out of bounds, off by one. > > > There is no mtutab[sizeof mtutab / sizeof mtutab[0]]. > > > > > > This isn't specific to RELENG_4 > > After the second thought I still think it is not a error. mtu is > always >= than the minimal value in mtutab[] that is why i is always > less than (sizeof mtutab) / sizeof mtutab[0]). What do you think?
I have no idea if it can actually be triggered. Callers may never invoke it with the necessary parameters but if they do, the function doesn't handle it. If mtu is < 0 and dir >= 0 then mtutab is accessed out of bounds. -- Skip _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
