Re: off by one bounds

2004-08-23 Thread John Baldwin
On Saturday 21 August 2004 07:07 am, Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > >> errors in freebsd 4.10 found

Re: off by one bounds

2004-08-21 Thread Skip Ford
Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > > > > > errors in freebsd 4.10 found by Coverity's analysis. > >

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > >> errors in freebsd 4.10 found by Coverity's analysis. > > > > > >> ip_icmp.c:ip_next_mtu, i

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote:

> Maxim Konovalov wrote:
> > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
> >
> >> errors in freebsd 4.10 found by Coverity's analysis.
> >
> >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
> >
> > If i == sizeof then mtutab[i] == 0
>
> If "

Re: off by one bounds

2004-08-21 Thread Skip Ford
Maxim Konovalov wrote:

> On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
>
>> errors in freebsd 4.10 found by Coverity's analysis.
>
>> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
>
> If i == sizeof then mtutab[i] == 0

If "i == sizeof" then mtutab[i] is out of bounds, off by one. There is

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
Hi Ted,

On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:

> errors in freebsd 4.10 found by Coverity's analysis.

[...]

> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0

This one is not a bug really. If i == sizeof then mtutab[i] == 0 and we return 0 at the line 818. Or I miss something?

-- M

off by one bounds

2004-08-20 Thread Ted Unangst
errors in freebsd 4.10 found by Coverity's analysis.

awi_wep.c:awi_wep_setalgo, algo == sizeof
svr4_signal.c:SVR4_NSIG one larger than TBLSIZ
linprocfs_misc.c:linprocfs_doprocstatus, p_stat == sizeof
ibcs2_msg.c:ibcs2_poll, fd == FD_SETSIZE
if_ray.c:ray_rx_mgt_info, len == NWID_LEN
ciss.c:ciss_cam_