Author: ache
Date: Sun Nov  8 14:22:57 2015
New Revision: 290546
URL: https://svnweb.freebsd.org/changeset/base/290546

Log:
  MFC: r290329,r290336
  PR: 204230
  
  r290329:
  
  Use meaningful errno for ssize_t overflow in read().
  Catch size_t overflow in malloc().
  
  r290336:
  
  Check for (old|new)size + 1 overflows off_t.

Modified:
  stable/10/usr.bin/bsdiff/bsdiff/bsdiff.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.bin/bsdiff/bsdiff/bsdiff.c
==============================================================================
--- stable/10/usr.bin/bsdiff/bsdiff/bsdiff.c    Sun Nov  8 13:44:21 2015        
(r290545)
+++ stable/10/usr.bin/bsdiff/bsdiff/bsdiff.c    Sun Nov  8 14:22:57 2015        
(r290546)
@@ -31,7 +31,10 @@ __FBSDID("$FreeBSD$");
 
 #include <bzlib.h>
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -221,8 +224,17 @@ int main(int argc,char *argv[])
        /* Allocate oldsize+1 bytes instead of oldsize bytes to ensure
                that we never try to malloc(0) and get a NULL pointer */
        if(((fd=open(argv[1],O_RDONLY|O_BINARY,0))<0) ||
-               ((oldsize=lseek(fd,0,SEEK_END))==-1) ||
-               ((old=malloc(oldsize+1))==NULL) ||
+           ((oldsize=lseek(fd,0,SEEK_END))==-1))
+               err(1, "%s", argv[1]);
+
+       if (oldsize > SSIZE_MAX ||
+           (uintmax_t)oldsize >= SIZE_T_MAX / sizeof(off_t) ||
+           oldsize == OFF_MAX) {
+               errno = EFBIG;
+               err(1, "%s", argv[1]);
+       }
+
+       if (((old=malloc(oldsize+1))==NULL) ||
                (lseek(fd,0,SEEK_SET)!=0) ||
                (read(fd,old,oldsize)!=oldsize) ||
                (close(fd)==-1)) err(1,"%s",argv[1]);
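Review bot: The `read(fd,old,oldsize)!=oldsize` test kept at the end of this hunk still sends a short read to `err()`, which prints whatever errno happens to hold, because read() sets errno only when it returns -1. The new SSIZE_MAX bound makes the count representable, but a successful read() may still return fewer bytes than requested, and the file can change size between the lseek() and the read(). Taking the read out of the `||` chain would separate the two cases, with `r` an `ssize_t` local: `r = read(fd, old, oldsize);` `if (r == -1) err(1, "%s", argv[1]);` `if (r != oldsize) errx(1, "%s: short read", argv[1]);`. The same applies to `read(fd,new,newsize)` in the next hunk; main() starts and ends outside both hunks.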
@@ -237,8 +249,16 @@ int main(int argc,char *argv[])
        /* Allocate newsize+1 bytes instead of newsize bytes to ensure
                that we never try to malloc(0) and get a NULL pointer */
        if(((fd=open(argv[2],O_RDONLY|O_BINARY,0))<0) ||
-               ((newsize=lseek(fd,0,SEEK_END))==-1) ||
-               ((new=malloc(newsize+1))==NULL) ||
+           ((newsize=lseek(fd,0,SEEK_END))==-1))
+               err(1, "%s", argv[2]);
+
+       if (newsize > SSIZE_MAX || (uintmax_t)newsize >= SIZE_T_MAX ||
+           newsize == OFF_MAX) {
+               errno = EFBIG;
+               err(1, "%s", argv[2]);
+       }
+
+       if (((new=malloc(newsize+1))==NULL) ||
                (lseek(fd,0,SEEK_SET)!=0) ||
                (read(fd,new,newsize)!=newsize) ||
                (close(fd)==-1)) err(1,"%s",argv[2]);
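Review bot: The bound on newsize here is `(uintmax_t)newsize >= SIZE_T_MAX`, while the oldsize check in the previous hunk compares against `SIZE_T_MAX / sizeof(off_t)`, and neither check carries a comment saying why. Presumably oldsize also sizes an array of off_t allocated later in main(), outside these hunks, whereas newsize only feeds byte-sized buffers; without a comment the asymmetry reads like an oversight and is easy to "fix" in the wrong direction. Suggest a comment above this check such as `/* newsize + 1 must fit in size_t for malloc() and newsize in ssize_t for read() */`, and a matching one on the oldsize check that names the allocation the division protects.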