diff options
| author | Wolfram Schneider <wosch@FreeBSD.org> | 2022-01-30 16:27:27 +0000 |
|---|---|---|
| committer | Wolfram Schneider <wosch@FreeBSD.org> | 2022-01-30 16:27:27 +0000 |
| commit | 5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a (patch) | |
| tree | bed7c70d123659f35a4a07349e6220f74e1ae785 /usr.bin/locate | |
| parent | e7d6783f4a2cde71bc664b338d70ba0388a4ce2d (diff) | |
| download | src-5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a.tar.gz src-5260fbcebdfcf2c17f9575bfbe9a34c97d56ea0a.zip | |
fix check for integer
For historical reasons, the integer is stored with an offset of plus 14.
That means, for a given max path length of 1024 the valid values
are -1009 .. 1037 and not -1023 .. 1023
PR: 201243
Diffstat (limited to 'usr.bin/locate')
| -rw-r--r-- | usr.bin/locate/locate/util.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/usr.bin/locate/locate/util.c b/usr.bin/locate/locate/util.c index ff64b5a952d3..77d8f7e58079 100644 --- a/usr.bin/locate/locate/util.c +++ b/usr.bin/locate/locate/util.c @@ -223,16 +223,20 @@ getwm(p) } u; register int i, hi; + /* the integer is stored by an offset of 14 (!!!) */ + int i_max = MAXPATHLEN + OFFSET; + int i_min = -(MAXPATHLEN - OFFSET); + for (i = 0; i < (int)INTSIZE; i++) u.buf[i] = *p++; i = u.i; - if (i > MAXPATHLEN || i < -(MAXPATHLEN)) { + if (i >= i_max || i <= i_min) { hi = ntohl(i); - if (hi > MAXPATHLEN || hi < -(MAXPATHLEN)) - errx(1, "integer out of +-MAXPATHLEN (%d): %u", - MAXPATHLEN, abs(i) < abs(hi) ? i : hi); + if (hi >= i_max || hi <= i_min) + errx(1, "integer out of range: %d < %d < %d", + i_min, abs(i) < abs(hi) ? i : hi, i_max); return(hi); } return(i); @@ -251,14 +255,16 @@ getwf(fp) FILE *fp; { register int word, hword; + int i_max = MAXPATHLEN + OFFSET; + int i_min = -(MAXPATHLEN - OFFSET); word = getw(fp); - if (word > MAXPATHLEN || word < -(MAXPATHLEN)) { + if (word >= i_max || word <= i_min) { hword = ntohl(word); - if (hword > MAXPATHLEN || hword < -(MAXPATHLEN)) - errx(1, "integer out of +-MAXPATHLEN (%d): %u", - MAXPATHLEN, abs(word) < abs(hword) ? word : hword); + if (hword >= i_max || hword <= i_min) + errx(1, "integer out of range: %d < %d < %d", + i_min, abs(word) < abs(hword) ? word : hword, i_max); return(hword); } return(word); |