This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/19413] New: ns_name_unpack: UB when checking for out of range addresses
- From: "cherepan at mccme dot ru" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 28 Dec 2015 14:14:05 +0000
- Subject: [Bug network/19413] New: ns_name_unpack: UB when checking for out of range addresses
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19413
Bug ID: 19413
Summary: ns_name_unpack: UB when checking for out of range
addresses
Product: glibc
Version: 2.22
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: cherepan at mccme dot ru
Target Milestone: ---
ns_name_unpack has the following code:
425 srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff));
426 if (srcp < msg || srcp >= eom) { /*%< Out of
range. */
https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/ns_name.c;h=f355cf34443c46d091157ed06f4ef8487214bf10;hb=HEAD#l425
This code is invalid C. The sum "msg + ..." is undefined by the C standard when
the result doesn't point into the same array. Then, checks for pointer wrapping
like "srcp < msg" are already "miscompiled" by clang and, I guess, could be
expected to be broken by gcc in the future.
Similar to pr19391.
--
You are receiving this mail because:
You are on the CC list for the bug.