Re: Possible memory fault in fs/iso9660 (correction)
From: Daniel Kiper
Subject: Re: Possible memory fault in fs/iso9660 (correction)
Date: Thu, 24 Nov 2022 14:17:40 +0100
User-agent: NeoMutt/20170113 (1.7.2)
On Sat, Nov 19, 2022 at 01:57:59PM +0100, Thomas Schmitt wrote:
> Hi,
>
> i wrote:
> > I think the loop end condition should use 4 rather than 1:
> > (char *) entry < (char *) sua + sua_size - 4 && entry->len > 0
>
> Urm ... better "3 rather than 1":
>
> (char *) entry < (char *) sua + sua_size - 3 && entry->len > 0
>
> The memory fault by entry->len will appear if
> entry >= sua + sua_size - 2
>
>
> (Only good i did not submit a patch attempt.
> Why is that "- 1" present anyways ? Shall it ensure the presence of
> entry->type ?)
I am not an ISO format expert but your thinking LGTM. So, could you send
a patch fixing this issue?
Daniel
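
The bound discussed in this thread, as an added example that is not part of the original messages and is not GRUB's code: it simulates the quoted loop condition with a chosen subtrahend and reports where the `entry->len` read would fall outside the buffer. The entry layout (2-byte signature, then length at offset 2, then version), the function name and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (SUSP entry header, not copied from GRUB): bytes 0-1 signature,
   byte 2 length of the whole entry, byte 3 version. */
enum { SUSP_LEN_OFF = 2 };

/* Constructed sample: one 4-byte entry followed by 2 stray bytes. */
static const uint8_t constructed_sua[6] = { 'S', 'P', 4, 1, 0, 0 };

/* Simulate the loop "entry < sua + sua_size - slack && entry->len > 0".
   Returns the offset of the entry whose len byte would be read outside
   the buffer, or -1 if every read stays inside. The out-of-bounds byte
   is never actually touched. */
static long first_oob_len_read(const uint8_t *sua, size_t sua_size, size_t slack)
{
  size_t off = 0;

  /* "sua_size >= slack" guards the unsigned subtraction against wrap-around. */
  while (sua_size >= slack && off < sua_size - slack)
    {
      if (off + SUSP_LEN_OFF >= sua_size)
        return (long) off;            /* entry->len lies past the end */
      if (sua[off + SUSP_LEN_OFF] == 0)
        break;                        /* the "entry->len > 0" half */
      off += sua[off + SUSP_LEN_OFF]; /* step to the next entry */
    }
  return -1;
}

int main(void)
{
  printf("- 1: %ld\n",
         first_oob_len_read(constructed_sua, sizeof constructed_sua, 1));
  printf("- 3: %ld\n",
         first_oob_len_read(constructed_sua, sizeof constructed_sua, 3));
  return 0;
}
```

With "- 1" the second iteration starts at offset 4 of the 6-byte buffer and would read the length byte at offset 6; with "- 3" the loop stops before that iteration.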