[PATCH] Enforce strict overflow checking
Jeremy Allison
jra at samba.org
Tue Mar 20 20:18:39 UTC 2018
On Thu, Mar 15, 2018 at 10:16:11AM +0100, Andreas Schneider wrote:
>
> This is a ping :-)
>
>
> Thanks for the review!
OK, the only one I'm pushing back on is this:
--------------------------------------------------------------------------------
From: Andreas Schneider <asn at samba.org>
Date: Thu, 7 Dec 2017 18:01:45 +0100
Subject: [PATCH 36/39] s3:printing: Fix size check in get_file_version()
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/printing/nt_printing.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 2e500f18c7d..00c737d2fd4 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -485,7 +485,7 @@ static int get_file_version(files_struct *fsp, char *fname,uint32_t *major, uint
/* Potential match data crosses buf boundry, move it to beginning
* of buf, and fill the buf with as much as it will hold. */
if (i>byte_count-VS_VERSION_INFO_SIZE) {
- int bc;
+ ssize_t bc;
memcpy(buf, &buf[i], byte_count-i);
if ((bc = vfs_read_data(fsp, &buf[byte_count-i], VS_NE_BUF_SIZE-
@@ -496,8 +496,10 @@ static int get_file_version(files_struct *fsp, char *fname,uint32_t *major, uint
goto error_exit;
}
+ if (byte_count - i < VS_VERSION_INFO_SIZE) {
+ break;
+ }
byte_count = bc + (byte_count - i);
- if (byte_count<VS_VERSION_INFO_SIZE) break;
i = 0;
}
--------------------------------------------------------------------------------
The removal of:
- if (byte_count<VS_VERSION_INFO_SIZE) break;
and addition of:
+ if (byte_count - i < VS_VERSION_INFO_SIZE) {
+ break;
+ }
check different conditions (i.e. leads to a change
in behavior). The original check is to ensure we
now have at least VS_VERSION_INFO_SIZE bytes in
buf[], including the value we just read of length
VS_NE_BUF_SIZE-(byte_count-i). Your new check
only checks that the remaining buffer size
we just filled is less than VS_VERSION_INFO_SIZE,
which isn't the same thing as checking that we
now have at least VS_VERSION_INFO_SIZE bytes in
the buffer.
Can you review the following fix instead ? It
fixes the memcpy -> memmove bug, plus it renames
everything to helper variables that should make
this code clearer to understand.
Thanks !
Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-printing-Fix-size-check-in-get_file_version.patch
Type: text/x-diff
Size: 1847 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180320/133dad54/0001-s3-printing-Fix-size-check-in-get_file_version.diff>
More information about the samba-technical
mailing list