Bug 229714 - src/libexec/rtld-elf/malloc.c:377]: (error) Signed integer overflow
Summary: src/libexec/rtld-elf/malloc.c:377]: (error) Signed integer overflow
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2018-07-12 09:33 UTC by David Binderman
Modified: 2018-07-12 09:33 UTC

Description David Binderman 2018-07-12 09:33:45 UTC
Source code is

        onb = 1 << (i + 3);

So if i is ever >= 28, overflow occurs.
Suggest either sanity check i before use, or use the following code:

        onb = 1UL << (i + 3);

and move type of variable onb to unsigned long.
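
Added example, not part of the report and not FreeBSD's code: a range-checked form of the shift discussed above. The helper names are hypothetical and the code assumes int has no padding bits; where unsigned long is 32 bits wide, the 1UL form is itself only defined up to i = 28, which is why the check derives its bound from the type width.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Hypothetical helper (name is an assumption, not from rtld-elf/malloc.c).
 * Computes 1 << (i + 3) in unsigned long and rejects a negative index or a
 * shift count that is not smaller than the width of unsigned long.
 * Returns 0 and stores the result on success, -1 if i is out of range.
 */
static int
bucket_bytes(int i, unsigned long *out)
{
	const int width = (int)(sizeof(unsigned long) * CHAR_BIT);

	if (i < 0 || i > width - 1 - 3)
		return (-1);
	*out = 1UL << (i + 3);
	return (0);
}

/*
 * Largest i for which the original int expression 1 << (i + 3) is defined:
 * the result must not exceed INT_MAX, so i + 3 <= bits(int) - 2.
 */
static int
max_index_for_int(void)
{
	return ((int)(sizeof(int) * CHAR_BIT) - 2 - 3);
}

int
main(void)
{
	unsigned long onb;
	int i;

	printf("int form is defined up to i = %d\n", max_index_for_int());
	for (i = 26; i <= 30; i++) {
		if (bucket_bytes(i, &onb) == 0)
			printf("i = %d -> onb = %lu\n", i, onb);
		else
			printf("i = %d -> rejected\n", i);
	}
	return (0);
}
```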