Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
@pmatilai does this revised version look good? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492#issuecomment-768385550 ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
@DemiMarie pushed 1 commit. 3ce3e85d61caae81d94afcff6afa5046bc2d5f65 Use int64_t for lengths -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492/files/8f0c8600f1bc25dd9b724ee4d4086fc0bf91827c..3ce3e85d61caae81d94afcff6afa5046bc2d5f65
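The review discussion in this thread turns on doing length arithmetic in a 64-bit type instead of a 32-bit one. The following is an added example, not part of the thread and not rpm's code, that shows the difference on a crafted count; `struct entry`, `MAX_DATA_LEN`, both functions and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed cap on total data length, for illustration only (not from rpm). */
#define MAX_DATA_LEN ((int64_t)256 * 1024 * 1024)

/* Hypothetical index entry: element count and per-element size in bytes. */
struct entry { uint32_t count; uint8_t elem_size; };

/* Lengths in a 32-bit type. Unsigned is used so the wrap is well defined
 * here; with plain int the same overflow is undefined behaviour. */
static int64_t total_len_32(const struct entry *e, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t len = e[i].count * e[i].elem_size;  /* wraps modulo 2^32 */
        if (len > MAX_DATA_LEN) return -1;
        total += len;
        if (total > MAX_DATA_LEN) return -1;
    }
    return total;
}

/* Lengths in int64_t: a 32-bit count times an 8-bit size is below 2^40,
 * and total never exceeds 2 * MAX_DATA_LEN before it is checked, so no
 * step can overflow and one range check per value is enough. */
static int64_t total_len_64(const struct entry *e, size_t n)
{
    int64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        int64_t len = (int64_t)e[i].count * e[i].elem_size;
        if (len > MAX_DATA_LEN) return -1;
        total += len;
        if (total > MAX_DATA_LEN) return -1;
    }
    return total;
}

/* Constructed sample input. */
static const struct entry sane[]    = { {16, 4}, {3, 8} };
static const struct entry crafted[] = { {16, 4}, {0x40000001u, 4} };

int main(void)
{
    printf("sane:    32-bit %lld, 64-bit %lld\n",
           (long long)total_len_32(sane, 2), (long long)total_len_64(sane, 2));
    printf("crafted: 32-bit %lld, 64-bit %lld\n",
           (long long)total_len_32(crafted, 2), (long long)total_len_64(crafted, 2));
    return 0;
}
```

The crafted entry passes the 32-bit check because its product wraps to 4 bytes, while the 64-bit version sees the true length and rejects it.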
Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
"int" is (at least) 32 bits on all platforms rpm supports, that's not an issue. The rough idea is that explicitly sized types are used for "physical" data of that size, and abstract types for abstractions, such as results of calculation. In fact this (and various other similar places) would probably be better off using a 64bit type so it's not possible to overflow it with the data we're dealing with. Overflow checks all over the place hurt readability, it's better to eliminate the problem entirely if at all possible. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492#issuecomment-762810239
Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
@DemiMarie pushed 1 commit. 8f0c8600f1bc25dd9b724ee4d4086fc0bf91827c Check that count and data length are reasonable -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492/files/fc4d264682aa89bcd61a941a4e328eb2c0df59f3..8f0c8600f1bc25dd9b724ee4d4086fc0bf91827c
Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
@DemiMarie pushed 1 commit. fc4d264682aa89bcd61a941a4e328eb2c0df59f3 Check that count and data length are reasonable -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492/files/702fcbfe2f913c3183ebf0883214f12af4d62859..fc4d264682aa89bcd61a941a4e328eb2c0df59f3
Re: [Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
The added check may well be right, but it hardly prevents "any possible overflow" there could ever be. If you look at past commits, we go to great lengths to explain in which situation some problem can happen and how the existing checks are not sufficient, please help keep the tradition. It helps the reviewer to check the code does what you think it does (this is subtle and treacherous code, been there) and seeing whether there's a better way to do that (see the string length check PR for example). Last but certainly not least, *when* (not if) somebody later on stumbles on another bug in the surrounding code, a detailed explanation as to why a piece of code is the way it is helps avoid breaking that subtle case again. Etc. This goes to most of these hardening commits - some things are plain obvious but others are not. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1492#issuecomment-760084270
[Rpm-maint] [rpm-software-management/rpm] Check that count and data length are reasonable (#1492)
This avoids any possible integer overflows. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1492 -- Commit Summary -- * Check that count and data length are reasonable -- File Changes -- M lib/header.c (3) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/1492.patch https://github.com/rpm-software-management/rpm/pull/1492.diff