diff options
author | Rob Landley <rob@landley.net> | 2019-07-30 13:09:05 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2019-07-30 13:09:05 -0500 |
commit | 6b617d8073600c9f2518c87addc49a89a27d887e (patch) | |
tree | eac233534a76b224f41d1e468da3b4eb4f660733 /lib/args.c | |
parent | e4dd5350882fde0cc82741e9b424037f35887f96 (diff) | |
download | toybox-6b617d8073600c9f2518c87addc49a89a27d887e.tar.gz |
Fix signed typecast bug.
We use (char *)1 and (char *)2 to indicate errors (they can never be valid
pointers because both malloc() and mmap() return aligned memory and those
align down to NULL, plus Linux maps 4k at the bottom to catch null
dereferences anyway), and then typecast it to long (trusting in LP64) to
do an integer <=2 comparison... except that needs to be UNSIGNED long or
else pointers in the top half of the virtual memory space become negative
and the <=2 false positives them as errors. (Oops.)
Diffstat (limited to 'lib/args.c')
0 files changed, 0 insertions, 0 deletions