lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200712125952.8809-1-trix@redhat.com>
Date:   Sun, 12 Jul 2020 05:59:52 -0700
From:   trix@...hat.com
To:     hpa@...or.com, alain@...ff.lu
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Tom Rix <trix@...hat.com>
Subject: [PATCH] decompress_bunzip2: fix sizeof type in start_bunzip

From: Tom Rix <trix@...hat.com>

clang static analysis flags this error

lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is converted
  to a pointer of type 'unsigned int', which is incompatible with sizeof
  operand type 'int' [unix.MallocSizeof]
        bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reviewing the bunzip_data structure, the element dbuf is type

	/* Intermediate buffer and its size (in bytes) */
	unsigned int *dbuf, dbufSize;

So change the type in sizeof to 'unsigned int'

Fixes: bc22c17e12c1 ("bzip2/lzma: library support for gzip, bzip2 and lzma decompression")

Signed-off-by: Tom Rix <trix@...hat.com>
---
 lib/decompress_bunzip2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/decompress_bunzip2.c b/lib/decompress_bunzip2.c
index 7c4932eed748..59ab76bda7a7 100644
--- a/lib/decompress_bunzip2.c
+++ b/lib/decompress_bunzip2.c
@@ -668,7 +668,7 @@ static int INIT start_bunzip(struct bunzip_data **bdp, void *inbuf, long len,
 	   uncompressed data.  Allocate intermediate buffer for block. */
 	bd->dbufSize = 100000*(i-BZh0);
 
-	bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
+	bd->dbuf = large_malloc(bd->dbufSize * sizeof(unsigned int));
 	if (!bd->dbuf)
 		return RETVAL_OUT_OF_MEMORY;
 	return RETVAL_OK;
-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ