| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <EE11D4F0-8DA4-4030-800E-516423293987@zytor.com> Date: Sun, 12 Jul 2020 15:21:49 -0700 From: hpa@...or.com To: Tom Rix <trix@...hat.com>, alain@...ff.lu CC: linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] decompress_bunzip2: fix sizeof type in start_bunzip On July 12, 2020 8:12:43 AM PDT, Tom Rix <trix@...hat.com> wrote: > >On 7/12/20 6:09 AM, H. Peter Anvin wrote: >> On 2020-07-12 05:59, trix@...hat.com wrote: >>> From: Tom Rix <trix@...hat.com> >>> >>> clang static analysis flags this error >>> >>> lib/decompress_bunzip2.c:671:13: warning: Result of 'malloc' is >converted >>> to a pointer of type 'unsigned int', which is incompatible with >sizeof >>> operand type 'int' [unix.MallocSizeof] >>> bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); >>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> >>> Reviewing the bunzip_data structure, the element dbuf is type >>> >>> /* Intermediate buffer and its size (in bytes) */ >>> unsigned int *dbuf, dbufSize; >>> >>> So change the type in sizeof to 'unsigned int' >>> >> You must be kidding. >> >> If you want to change it, change it to sizeof(bd->dbuf) instead, but >this flag >> is at least in my opinion a total joke. For sizeof(int) != >sizeof(unsigned >> int) is beyond bizarre, no matter how stupid the platform. > >Using the actual type is more correct that using a type of the same >size. > >trix > >> -hpa >> "More correct?" All it is is more verbose. Using the sizeof of the actual object at least adds some actual safety. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Powered by blists - more mailing lists