lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <639c8ef5-2755-7172-fbb8-ce45c8637feb@zytor.com>
Date:   Sun, 12 Jul 2020 06:09:15 -0700
From:   "H. Peter Anvin" <hpa@...or.com>
To:     trix@...hat.com, alain@...ff.lu
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] decompress_bunzip2: fix sizeof type in start_bunzip

On 2020-07-12 05:59, trix@...hat.com wrote:
> From: Tom Rix <trix@...hat.com>
> 
> clang static analysis flags this error
> 
> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is converted
>   to a pointer of type 'unsigned int', which is incompatible with sizeof
>   operand type 'int' [unix.MallocSizeof]
>         bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
>                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Reviewing the bunzip_data structure, the element dbuf is type
> 
> 	/* Intermediate buffer and its size (in bytes) */
> 	unsigned int *dbuf, dbufSize;
> 
> So change the type in sizeof to 'unsigned int'
> 

You must be kidding.

If you want to change it, change it to sizeof(bd->dbuf) instead, but this flag
is at least in my opinion a total joke. For sizeof(int) != sizeof(unsigned
int) is beyond bizarre, no matter how stupid the platform.

	-hpa

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ