229714 – src/libexec/rtld-elf/malloc.c:377]: (error) Signed integer overflow

Bug 229714 - src/libexec/rtld-elf/malloc.c:377]: (error) Signed integer overflow

Summary: src/libexec/rtld-elf/malloc.c:377]: (error) Signed integer overflow

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-12 09:33 UTC by David Binderman
Modified:	2024-11-27 06:52 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Binderman 2018-07-12 09:33:45 UTC

Source code is

        onb = 1 << (i + 3);

So if i is ever >= 28, overflow occurs.
Suggest either sanity check i before use, or use the following code:

        onb = 1UL << (i + 3);

and move type of variable onb to unsigned long.

Format For Printing
- XML
- Clone This Bug
- Top of page