Correct an out of bounds read with HN_AUTOSCALE and very large numbers.

The maximum scale is 6 (K, M, G, T, P, E) (B is 0). Overly large explicit scales were checked correctly, but for sufficiently large numbers HN_AUTOSCALE would get to 7 resulting in an out of bounds read.

Found with humanize_number_test and CHERI bounds checking.

Reviewed by: emaste
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10376

parent 434a9744e1
commit 5c721276a4
@ -43,7 +43,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <locale.h>
|
||||
#include <libutil.h>
|
||||
|
||||
static const int maxscale = 7;
|
||||
static const int maxscale = 6;
|
||||
|
||||
int
|
||||
humanize_number(char *buf, size_t len, int64_t quotient,
|
||||
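Review bot: The declaration `static const int maxscale = 6;` changes the constant's meaning from a count (7) to the highest valid scale (6), and nothing at the declaration says which it is. A one-line comment stating that the value is inclusive and listing what it covers (the commit message gives K, M, G, T, P, E with B as 0) would keep later comparisons from mixing `>=` and `>` again. If it is practical, deriving the value from the size of whatever table the scale indexes would stop the constant and the table from drifting apart.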
@ -64,7 +64,7 @@ humanize_number(char *buf, size_t len, int64_t quotient,
|
||||
return (-1);
|
||||
if (scale < 0)
|
||||
return (-1);
|
||||
else if (scale >= maxscale &&
|
||||
else if (scale > maxscale &&
|
||||
((scale & ~(HN_AUTOSCALE|HN_GETSCALE)) != 0))
|
||||
return (-1);
|
||||
if ((flags & HN_DIVISOR_1000) && (flags & HN_IEC_PREFIXES))
|
||||
|
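Review bot: The `else if (scale > maxscale &&` line rejects exactly the same explicit scales as the old `scale >= maxscale` did with 7, so this hunk alone does not close the out-of-bounds read the commit message describes. The second half of the condition, `(scale & ~(HN_AUTOSCALE|HN_GETSCALE)) != 0`, lets HN_AUTOSCALE through without a bound, so the fix depends on the other code that compares against `maxscale`, which is not visible here. It is worth confirming in review that the autoscale path stops at `maxscale` inclusive, and adding a comment or assertion there saying so.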