From patchwork Thu Dec 9 19:19:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= X-Patchwork-Id: 12668127 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B62A6C433FE for ; Thu, 9 Dec 2021 19:19:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229505AbhLITXL (ORCPT ); Thu, 9 Dec 2021 14:23:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229478AbhLITXI (ORCPT ); Thu, 9 Dec 2021 14:23:08 -0500 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9F0FC0617A1 for ; Thu, 9 Dec 2021 11:19:34 -0800 (PST) Received: by mail-wm1-x32d.google.com with SMTP id i12so5064540wmq.4 for ; Thu, 09 Dec 2021 11:19:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=94fa0ttWFukWVEyNU9TPhZ048FdSAUD6gPLphJ4Fwfk=; b=Ssh7N8JqSqm0Y+ZBTq9KGy2+QM7tTKfPwTCa28B5kTuFikBmnpHDy0+9eIO6p2Ub0c kR7bsEg/byuJNelqVG/5jFpAwm4fC7gJDj7p48fFtPkqhX/DU6nVf0sDwPa8Fzvv/CtY UzUut5F+itG3ORKTMlVJ+05N2Mr4GIYyx4pxBW0VtMpPee7bzPEJxKibeZbMJ5UTwI3H X7RvzoPi04caC1C5O6xHUGhU+5EkqKSbnpc+h5UEIV+NarcrCCNCcFuX2OEFYQVDHN87 WH7HGIYAgFyOuT43aTNGLz5bNfouRhiVM010rnAWwjIHy5KZ/+gcmXEu0xZwhFO8mOiO ZIDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=94fa0ttWFukWVEyNU9TPhZ048FdSAUD6gPLphJ4Fwfk=; b=3BDS5jYmjnizx+K2htxoCkc1sn/AAFmNBOc3DvPxDCPWYcZAEs38c9qVLSh+dpLa0e YGV279pHn9/2dmiSFfVMX4uJ6ORi0pDaGw41yPWw0q3D/2/ofVuTyH63TY1EtVnaVcJd Jsqd59Vb5eGL/9hP7IM9KQxLWxThrynmffvLfs1TwQ1o8/XwrdKwUgvL6JmBsb1yS90X YCvHLOzzfh6J4V5x3JfbAAR0Jf5iK7FXvY04UPI2ZPFyO9dc6QqKWRKbIPWP63f0puqi +l3mlMapm9bS7AYZhCJgxbvKR8Qg0NUVCjmwc7mHfaEhDqTY5koBV298k+THQ+c8xNF2 fWWg== X-Gm-Message-State: AOAM530Oks7/P6mV1gK1+bHX1RkIgvvNX1cKBUioMj0gOPQ4EU7U1n2D YTlnZmbRFydmrLVr20WAl4b7UmqNKujuhQ== X-Google-Smtp-Source: ABdhPJwU9wbBniVKoSYV6ZIDdes9tmKWk4tAeG7zClgAWRxHDQ3UA1vvRHrohPzI0Gnj9SKR8m3OqQ== X-Received: by 2002:a7b:c008:: with SMTP id c8mr10112498wmb.55.1639077573264; Thu, 09 Dec 2021 11:19:33 -0800 (PST) Received: from vm.nix.is (vm.nix.is. [2a01:4f8:120:2468::2]) by smtp.gmail.com with ESMTPSA id x13sm562180wrr.47.2021.12.09.11.19.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Dec 2021 11:19:32 -0800 (PST) From: =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= To: git@vger.kernel.org Cc: Junio C Hamano , Johannes Schindelin , Jeff King , Erik Faye-Lund , Jonathan Nieder , =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsCBCamFybWFzb24=?= Subject: [RFC PATCH 02/10] range-diff.c: don't use st_mult() for signed "int" Date: Thu, 9 Dec 2021 20:19:19 +0100 Message-Id: X-Mailer: git-send-email 2.34.1.930.g0f9292b224d In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org As documented in 320d0b493a2 (add helpers for detecting size_t overflow, 2016-02-19) the arguments to st_mult() and st_add() "must be unsigned". This code added in d9c66f0b5bf (range-diff: first rudimentary implementation, 2018-08-13) operates on signed int. In subsequent commits further overflows resulting in segfaults will be fixed in this code, but let's start by removing this supposed guard that does nothing except give us a false sense of security. E.g. providing an "n" of INT_MAX here will result in "1" on my system, causing us to write into memory. There are other such issues left in the codebase, e.g. the code in "builtin/clean.c" changed in 50a6c8efa2b (use st_add and st_mult for allocation size computation, 2016-02-22). But let's focus on range-diff.c for now. Signed-off-by: Ævar Arnfjörð Bjarmason --- range-diff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/range-diff.c b/range-diff.c index cac89a2f4f2..170e8623313 100644 --- a/range-diff.c +++ b/range-diff.c @@ -312,7 +312,7 @@ static void get_correspondences(struct string_list *a, struct string_list *b, int *cost, c, *a2b, *b2a; int i, j; - ALLOC_ARRAY(cost, st_mult(n, n)); + ALLOC_ARRAY(cost, n * n); ALLOC_ARRAY(a2b, n); ALLOC_ARRAY(b2a, n);