Closed Bug 1473778 Opened 7 years ago Closed 7 years ago

integer overflow in [@ mar_hash_name]

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox63 --- affected

People

(Reporter: tsmith, Unassigned)

Details

(Keywords: csectype-intoverflow, testcase)

Attachments

(1 file)

testcase.mar
693 bytes, application/octet-stream
Details
Attached file testcase.mar
Found with m-c changeset: 425221:afdeb0288690 This was found with a 32-bit build with UBSan. To reproduce run 'mar -t ./testcase.mar' src/mar_read.c:27:14: runtime error: unsigned integer overflow: 3512528686 * 37 cannot be represented in type 'unsigned int' #0 0x80751d7 in mar_hash_name src/modules/libmar/src/mar_read.c:27:14 #1 0x80751d7 in mar_insert_item src/modules/libmar/src/mar_read.c:46 #2 0x80751d7 in mar_consume_index src/modules/libmar/src/mar_read.c:109 #3 0x80751d7 in mar_read_index src/modules/libmar/src/mar_read.c:142 #4 0x80751d7 in mar_fpopen src/modules/libmar/src/mar_read.c:164 #5 0x80751d7 in mar_open src/modules/libmar/src/mar_read.c:182
bah I should have read that function first :P
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: