[PATCHSET] Fix and add -Werror=strict-overflow -Wstrict-overflow=2
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Dec 8 07:41:08 UTC 2017
On Thu, Dec 07, 2017 at 08:37:15PM +0100, Andreas Schneider via samba-technical wrote:
> From 9b5684f9acac4c4ff0136c0ef9663d8f9f4c28bf Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Thu, 26 Oct 2017 09:43:56 +0200
> Subject: [PATCH 42/42] s3:glock: Add sanity check in g_lock_parse()
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source3/lib/g_lock.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c
> index c5d66e3855e..ea2d7717ce5 100644
> --- a/source3/lib/g_lock.c
> +++ b/source3/lib/g_lock.c
> @@ -81,6 +81,9 @@ static bool g_lock_parse(uint8_t *buf, size_t buflen, struct g_lock *lck)
> buf += sizeof(uint32_t);
> buflen -= sizeof(uint32_t);
> data_ofs = found_recs * G_LOCK_REC_LENGTH;
> + if (data_ofs >= buflen) {
> + return false;
> + }
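
Review bot: The new test "if (data_ofs >= buflen)" sits after "data_ofs = found_recs * G_LOCK_REC_LENGTH", so it only ever sees the product: if that multiplication can wrap for a large found_recs, the wrapped data_ofs can be smaller than buflen and the check passes. Consider bounding found_recs against buflen / G_LOCK_REC_LENGTH after the "buflen -= sizeof(uint32_t)" line and before the multiplication. The commit message also has no body saying which input the check is meant to reject.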

Can we better fix this by moving the

	if (found_recs > buflen/G_LOCK_REC_LENGTH) {
		return false;
	}

sequence to after the buflen-=sizeof(uint32_t)?

I thought that overflow in multiplication is much better caught by
testing the reverse operation before the multiplication is done.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
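
The ordering discussed in the mail above, as an added example that is not part of the original message and is not Samba's g_lock.c: one parser multiplies and then checks, the other tests the division before multiplying. REC_LEN, the 4-byte host-order count, the 32-bit product and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define REC_LEN 16u	/* assumed record size, not G_LOCK_REC_LENGTH */

/* Read the 4-byte host-order record count and step past it. */
static bool read_count(const uint8_t **buf, size_t *buflen, uint32_t *count)
{
	if (*buflen < sizeof(uint32_t)) {
		return false;
	}
	memcpy(count, *buf, sizeof(uint32_t));
	*buf += sizeof(uint32_t);
	*buflen -= sizeof(uint32_t);
	return true;
}

/* Multiply, then check: a wrapped product looks small and passes. */
static bool parse_check_after(const uint8_t *buf, size_t buflen, size_t *data_ofs)
{
	uint32_t count;
	if (!read_count(&buf, &buflen, &count)) {
		return false;
	}
	*data_ofs = count * REC_LEN;	/* 32-bit product, wraps modulo 2^32 */
	return *data_ofs < buflen;
}

/* Divide, then multiply: count is bounded before the product exists. */
static bool parse_check_before(const uint8_t *buf, size_t buflen, size_t *data_ofs)
{
	uint32_t count;
	if (!read_count(&buf, &buflen, &count) || count > buflen / REC_LEN) {
		return false;
	}
	*data_ofs = (size_t)count * REC_LEN;	/* <= buflen, cannot wrap */
	return true;
}

int main(void)
{
	uint8_t msg[4 + 32] = {0};	/* constructed input: count + 32 bytes */
	uint32_t count = 0x10000001u;	/* count * 16 wraps to 16 */
	size_t ofs = 0;
	memcpy(msg, &count, sizeof(count));
	printf("check after:  %d\n", parse_check_after(msg, sizeof(msg), &ofs));
	printf("check before: %d\n", parse_check_before(msg, sizeof(msg), &ofs));
	return 0;
}
```

With the constructed count 0x10000001 the check-after parser accepts the buffer with an offset of 16, while the check-before parser rejects it.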