Re: Fix overflow check in sys/netinet6/in6.c

2016-02-27 Thread Stefan Kempf
Martin Pieuchot wrote:
> On 17/02/16(Wed) 20:38, Stefan Kempf wrote:
> > Martin Pieuchot wrote:
> > It looks like NetBSD removed the SIOCSIFALIFETIME_IN6 ioctl a long time
> > ago, along with the overflow checks, saying that this ioctl could never
> > have worked:
> > http://cvsweb.netbsd.org/bsdwe

Re: Fix overflow check in sys/netinet6/in6.c

2016-02-18 Thread Martin Pieuchot
On 17/02/16(Wed) 20:38, Stefan Kempf wrote:
> Martin Pieuchot wrote:
> > On 13/02/16(Sat) 18:51, Stefan Kempf wrote:
> > > Some thoughts about this:
> > >
> > > If this particular type of undefined behavior is really a concern: maybe
> > > looking for bounds/overflow checks that are incorrect besi

Re: Fix overflow check in sys/netinet6/in6.c

2016-02-17 Thread Stefan Kempf
Martin Pieuchot wrote:
> On 13/02/16(Sat) 18:51, Stefan Kempf wrote:
> > Some thoughts about this:
> >
> > If this particular type of undefined behavior is really a concern: maybe
> > looking for bounds/overflow checks that are incorrect besides undefined
> > behavior first is a better approach. A

Re: Fix overflow check in sys/netinet6/in6.c

2016-02-16 Thread Martin Pieuchot
On 13/02/16(Sat) 18:51, Stefan Kempf wrote:
> Some thoughts about this:
>
> If this particular type of undefined behavior is really a concern: maybe
> looking for bounds/overflow checks that are incorrect besides undefined
> behavior first is a better approach. A good way of fixing those will
> be

Re: Fix overflow check in sys/netinet6/in6.c

2016-02-13 Thread Stefan Kempf
Some thoughts about this: If this particular type of undefined behavior is really a concern: maybe looking for bounds/overflow checks that are incorrect besides undefined behavior first is a better approach. A good way of fixing those will be found, which could then be applied to the "just undefin

Fix overflow check in sys/netinet6/in6.c

2016-02-12 Thread Michael McConville
time_second is a time_t, which we define as int64_t. The other operands used are of type uint32_t. Therefore, these checks get promoted to int64_t and the overflow being tested is undefined because it uses signed arithmetic. I think that the below diff fixes the overflow check. However, I'm pretty