Fileapi fgets b110119937 #1042

Merged
merged 2 commits into from Jun 15, 2018

3 participants
@schwehr
Contributor

schwehr commented Jun 13, 2018

Do not scan past the end of the read data in pj_ctx_fgets

use-of-uninitialized-value third_party/proj4/proj/src/pj_fileapi.c:pj_ctx_fgets

Found with autofuzz msan

@schwehr

Contributor

schwehr commented Jun 13, 2018

Fixing:

../../src/pj_fileapi.c:202:20: error: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'int' [-Werror,-Wshorten-64-to-32]
    max_size = MIN(bytes_read, (size_t)(size > 2 ? size - 2 : 0));
             ~     ^~~~~~~~~~
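
To illustrate the bug class this PR addresses (an added example, not the PROJ source or the patch): an fgets-style reader that searches for the newline only within the bytes the read call actually returned, with the length arithmetic kept in `size_t`. `mem_stream`, `ms_read`, `bounded_fgets` and `nth_line_length` are hypothetical names, and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory stream standing in for a file-API context. */
typedef struct { const char *data; size_t len, pos; } mem_stream;

static size_t ms_read(mem_stream *s, char *dst, size_t n)
{
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;              /* short read near end of data */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* fgets-style read: returns one line (newline included) or NULL at end. */
char *bounded_fgets(char *line, int size, mem_stream *s)
{
    if (line == NULL || s == NULL || size < 2) return NULL;
    size_t start = s->pos;
    size_t bytes_read = ms_read(s, line, (size_t)size - 1);
    if (bytes_read == 0) return NULL;
    /* Only line[0 .. bytes_read) was written; the rest of the buffer is
     * whatever the caller left there, so the scan must stop at bytes_read. */
    size_t line_len = bytes_read;
    const char *nl = memchr(line, '\n', bytes_read);
    if (nl != NULL)
        line_len = (size_t)(nl - line) + 1;
    line[line_len] = '\0';                 /* line_len <= size - 1 */
    s->pos = start + line_len;             /* rewind to just past the line */
    return line;
}

/* Constructed harness: length of the n-th line (0-based), -1 if none. */
int nth_line_length(const char *input, int size, int n)
{
    char buf[64];
    mem_stream s = { input, strlen(input), 0 };
    if (size > (int)sizeof buf) return -1;
    for (int i = 0; ; i++) {
        memset(buf, '\n', sizeof buf);     /* stale bytes that look like newlines */
        if (bounded_fgets(buf, size, &s) == NULL) return -1;
        if (i == n) return (int)strlen(buf);
    }
}

int main(void) { return nth_line_length("ab\ncd", 16, 1) == 2 ? 0 : 1; }
```

The harness pre-fills the buffer with `'\n'` before every read, so a scan that ran past `bytes_read` would find a newline that was never in the input.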
@kbevers

Member

kbevers commented Jun 15, 2018

Looks good to me. Do you mind squashing the last two commits to one before I merge? We should try to have as few commits in the history that break the build.

@mloskot

Member

mloskot commented Jun 15, 2018

👍 squash squash :)

@schwehr

Contributor

schwehr commented Jun 15, 2018

Will do on the squashing... now to find a block of time longer than 2 minutes

Do not scan past the end of the read data in pj_ctx_fgets
use-of-uninitialized-value third_party/proj4/proj/src/pj_fileapi.c:pj_ctx_fgets

Found with autofuzz msan

@schwehr schwehr force-pushed the schwehr:fileapi-fgets-b110119937 branch from 8e26c61 to d35a698 Jun 15, 2018

@schwehr

Contributor

schwehr commented Jun 15, 2018

3 became 2

@mloskot

Member

mloskot commented Jun 15, 2018

(off topic)
@schwehr Before kids, 30 min free slot wasn't worth booting my laptop. With kids, 10-15 min breaks can make wonders - https://github.com/mloskot/qt-creator-plugin-boostbuild/blob/master/README.md#why-boostbuild-plugin-for-qt-creator

kid napping, laptop warming laps while sat next to cot bed :)

@kbevers kbevers merged commit 6b77f5f into OSGeo:master Jun 15, 2018

3 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
coverage/coveralls Coverage increased (+0.001%) to 77.631%

@kbevers kbevers added this to the 5.2.0 milestone Jun 18, 2018
