On Thu, Apr 13, 2017 at 03:49:33PM +0000, Brooks Davis wrote: > Author: brooks > Date: Thu Apr 13 15:49:32 2017 > New Revision: 316766 > URL: https://svnweb.freebsd.org/changeset/base/316766 > > Log: > Correct an out of bounds read with HN_AUTOSCALE and very large numbers. > > The maximum scale is 6 (K, M, G, T, P, E) (B is 0). > > Overly large explict scales were checked correctly, but for sufficently > large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds > read. > > Found with humanize_number_test and CHERI bounds checking.
IMO the real cause of this off-by-one error is the failure to use a proper array of prefixes. FreeBSD makes the case worse than the NetBSD code we started from by adding Ki, Mi, etc so the prefixes strings are all three characters per suffix making the code unreadable. -- Brooks
signature.asc
Description: PGP signature
