From: Geraldo Netto
Newsgroups: gmane.linux.lib.musl.general
Subject: fread() - possible division by zero
Date: Wed, 14 Feb 2018 16:50:44 -0200
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

Dear Friends,

It seems we may have the same division by zero issue on fread():

This is the original code:

size_t fread(void *restrict destv, size_t size, size_t nmemb, FILE *restrict f)
{
	unsigned char *dest = destv;
	size_t len = size*nmemb, l = len, k;
	if (!size) nmemb = 0;

	FLOCK(f);

	f->mode |= f->mode-1;

	if (f->rend - f->rpos > 0) {
		/* First exhaust the buffer. */
		k = MIN(f->rend - f->rpos, l);
		memcpy(dest, f->rpos, k);
		f->rpos += k;
		dest += k;
		l -= k;
	}

	/* Read the remainder directly */
	for (; l; l-=k, dest+=k) {
		k = __toread(f) ? 0 : f->read(f, dest, l);
		if (k+1<=1) {
			FUNLOCK(f);
			return (len-l)/size;
		}
	}

	FUNLOCK(f);
	return nmemb;
}

It seems we need to check the variable size on return because if size is zero
we'll have a division by zero and a segmentation fault.

I'm sending the attached patch that changes the return as follows:

return (len-l)/(size != 0 ? size : 1);

I don't know if this is the correct approach, so, feel free to
change/let me know how to fix :)
Hope it helps

Kind Regards,

Geraldo Netto
Sapere Aude => Non dvcor, dvco
http://exdev.sf.net/

[Attachment: 0001-fread-avoid-possible-division-by-zero-when-size-0.patch]
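
Added example, not part of the original message and not musl code: a stand-alone C model of the quoted function's control flow, using the patched return expression, that records whether the early-return division is reached for a given size and nmemb. The names src, src_read, model_fread, items_read and last_div_reached are hypothetical, the input bytes are constructed, and locking and the stdio buffer are left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory source standing in for musl's FILE (hypothetical). */
struct src { unsigned char data[17]; size_t pos, avail; };
int last_div_reached;  /* 1 if the last call took the early-return division */

/* Stand-in for f->read: copies up to n bytes, returns 0 once data runs out. */
static size_t src_read(struct src *s, unsigned char *dst, size_t n)
{
	size_t k = n < s->avail ? n : s->avail;
	memcpy(dst, s->data + s->pos, k);
	s->pos += k;
	s->avail -= k;
	return k;
}

/* Control flow of the quoted fread(), without locking or the stdio buffer. */
static size_t model_fread(void *destv, size_t size, size_t nmemb, struct src *s)
{
	unsigned char *dest = destv;
	size_t len = size*nmemb, l = len, k;
	if (!size) nmemb = 0;
	for (; l; l-=k, dest+=k) {
		k = src_read(s, dest, l);
		if (k+1<=1) {
			last_div_reached = 1;
			return (len-l)/(size != 0 ? size : 1); /* patched return */
		}
	}
	return nmemb;
}

/* One call against `avail` constructed bytes (avail <= 16, size*nmemb <= 64). */
size_t items_read(size_t size, size_t nmemb, size_t avail)
{
	struct src s = { "0123456789abcdef", 0, avail };
	unsigned char buf[64];
	last_div_reached = 0;
	return model_fread(buf, size, nmemb, &s);
}

int main(void)
{
	printf("size=4 nmemb=3 avail=10 -> %zu\n", items_read(4, 3, 10));
	printf("size=0 nmemb=5 avail=10 -> %zu\n", items_read(0, 5, 10));
	return 0;
}
```

In this model a call with size == 0 starts with len and l at 0, so it returns through `return nmemb` without entering the loop; the short-read case (size 4, nmemb 3, 10 bytes available) is the one that takes the early return.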