diff options
author | Alan Somers <asomers@FreeBSD.org> | 2017-08-25 15:31:55 +0000 |
---|---|---|
committer | Alan Somers <asomers@FreeBSD.org> | 2017-08-25 15:31:55 +0000 |
commit | 77a798b30ae43e8aac56a124e159b0b8624f4195 (patch) | |
tree | 94a2a49eef9f2c2f5ccb8d27f072ed0d72de597e /bin/dd/dd.c | |
parent | e71fe5ce0af907489aee3dbc07719ba2336639f2 (diff) | |
download | src-77a798b30ae43e8aac56a124e159b0b8624f4195.tar.gz src-77a798b30ae43e8aac56a124e159b0b8624f4195.zip |
dd(1): Incorrect casting of arguments
dd(1) casts many of its numeric arguments from uintmax_t to intmax_t and
back again to detect whether or not the original arguments were negative.
This is not correct, and causes problems with boundary cases, for example
when count is SSIZE_MAX-1.
PR: 191263
Submitted by: will@worrbase.com
Reviewed by: pi, asomers
MFC after: 3 weeks
Notes
Notes:
svn path=/head/; revision=322893
Diffstat (limited to 'bin/dd/dd.c')
-rw-r--r-- | bin/dd/dd.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/bin/dd/dd.c b/bin/dd/dd.c index 22d2bd5d8e34..3ac110355dec 100644 --- a/bin/dd/dd.c +++ b/bin/dd/dd.c @@ -204,10 +204,10 @@ setup(void) * record oriented I/O, only need a single buffer. */ if (!(ddflags & (C_BLOCK | C_UNBLOCK))) { - if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) + if ((in.db = malloc((size_t)out.dbsz + in.dbsz - 1)) == NULL) err(1, "input buffer"); out.db = in.db; - } else if ((in.db = malloc(MAX(in.dbsz, cbsz) + cbsz)) == NULL || + } else if ((in.db = malloc(MAX((size_t)in.dbsz, cbsz) + cbsz)) == NULL || (out.db = malloc(out.dbsz + cbsz)) == NULL) err(1, "output buffer"); @@ -405,7 +405,7 @@ dd_in(void) ++st.in_full; /* Handle full input blocks. */ - } else if ((size_t)n == in.dbsz) { + } else if ((size_t)n == (size_t)in.dbsz) { in.dbcnt += in.dbrcnt = n; ++st.in_full; @@ -562,7 +562,7 @@ dd_out(int force) outp += nw; st.bytes += nw; - if ((size_t)nw == n && n == out.dbsz) + if ((size_t)nw == n && n == (size_t)out.dbsz) ++st.out_full; else ++st.out_part; |