Correct an out of bounds read with HN_AUTOSCALE and very large numbers.
The maximum scale is 6 (K, M, G, T, P, E) (B is 0). Overly large explict scales were checked correctly, but for sufficently large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds read. Found with humanize_number_test and CHERI bounds checking. Reviewed by: emaste Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D10376
This commit is contained in:
parent
4e65501f13
commit
72f0a13e60
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=316766
@ -43,7 +43,7 @@ __FBSDID("$FreeBSD$");
|
|||||||
#include <locale.h>
|
#include <locale.h>
|
||||||
#include <libutil.h>
|
#include <libutil.h>
|
||||||
|
|
||||||
static const int maxscale = 7;
|
static const int maxscale = 6;
|
||||||
|
|
||||||
int
|
int
|
||||||
humanize_number(char *buf, size_t len, int64_t quotient,
|
humanize_number(char *buf, size_t len, int64_t quotient,
|
||||||
@ -64,7 +64,7 @@ humanize_number(char *buf, size_t len, int64_t quotient,
|
|||||||
return (-1);
|
return (-1);
|
||||||
if (scale < 0)
|
if (scale < 0)
|
||||||
return (-1);
|
return (-1);
|
||||||
else if (scale >= maxscale &&
|
else if (scale > maxscale &&
|
||||||
((scale & ~(HN_AUTOSCALE|HN_GETSCALE)) != 0))
|
((scale & ~(HN_AUTOSCALE|HN_GETSCALE)) != 0))
|
||||||
return (-1);
|
return (-1);
|
||||||
if ((flags & HN_DIVISOR_1000) && (flags & HN_IEC_PREFIXES))
|
if ((flags & HN_DIVISOR_1000) && (flags & HN_IEC_PREFIXES))
|
||||||
|
Loading…
Reference in New Issue
Block a user