off by one bounds
Maxim Konovalov
maxim at macomnet.ru
Sat Aug 21 02:19:48 PDT 2004
On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote:
> Maxim Konovalov wrote:
> > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote:
> >
> >> errors in freebsd 4.10 found by Coverity's analysis.
> >
> >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0
> >
> > If i == sizeof then mtutab[i] == 0
>
> If "i == sizeof" then mtutab[i] is out of bounds, off by one.
> There is no mtutab[sizeof mtutab / sizeof mtutab[0]].
>
> This isn't specific to RELENG_4
Ah, yes, sorry.
--
Maxim Konovalov
More information about the freebsd-hackers
mailing list