[exim-dev] read/write 4 bytes from/to a short

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message
Reply to this message
Author: Torsten Luettgert
Date:  
To: exim-dev
Subject: [exim-dev] read/write 4 bytes from/to a short
Hi all,

when compiling exim with gcc 11.1, it complains (correctly, I would
say) about a few read/write operations overflowing the struct member to
read/write:

deliver.c:2415 - address_item.transport_return is a short int
deliver.c:2421 - address_item.special_action also
deliver.c:2489 - same

A simple patch is attached. What do you think?

Regards,
Torsten

diff --color -urN exim-4.95/src/deliver.c exim-4.95.patched/src/deliver.c
--- exim-4.95/src/deliver.c    2021-09-28 10:24:46.000000000 +0200
+++ exim-4.95.patched/src/deliver.c    2021-10-06 09:06:41.805935776 +0200
@@ -2411,14 +2411,15 @@
     int local_part_length = Ustrlen(addr2->local_part);
     uschar *s;
     int ret;
+    int tmp1 = addr2->transport_return, tmp2 = addr2->special_action;


-    if(  (ret = write(pfd[pipe_write], &addr2->transport_return, sizeof(int))) != sizeof(int)
+    if(  (ret = write(pfd[pipe_write], &tmp1, sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &transport_count, sizeof(transport_count))) != sizeof(transport_count)
       || (ret = write(pfd[pipe_write], &addr2->flags, sizeof(addr2->flags))) != sizeof(addr2->flags)
       || (ret = write(pfd[pipe_write], &addr2->basic_errno,    sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->more_errno,     sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->delivery_time,  sizeof(struct timeval))) != sizeof(struct timeval)
-      || (ret = write(pfd[pipe_write], &addr2->special_action, sizeof(int))) != sizeof(int)
+      || (ret = write(pfd[pipe_write], &tmp2, sizeof(int))) != sizeof(int)
       || (ret = write(pfd[pipe_write], &addr2->transport,
         sizeof(transport_instance *))) != sizeof(transport_instance *)


@@ -2476,7 +2477,7 @@
   {
   if ((len = read(pfd[pipe_read], &status, sizeof(int))) > 0)
     {
-    int i;
+    int i, tmp;
     uschar **sptr;


     addr2->transport_return = status;
@@ -2486,7 +2487,8 @@
     len = read(pfd[pipe_read], &addr2->basic_errno,    sizeof(int));
     len = read(pfd[pipe_read], &addr2->more_errno,     sizeof(int));
     len = read(pfd[pipe_read], &addr2->delivery_time,  sizeof(struct timeval));
-    len = read(pfd[pipe_read], &addr2->special_action, sizeof(int));
+    len = read(pfd[pipe_read], &tmp, sizeof(int));
+    addr2->special_action = (short)tmp;
     len = read(pfd[pipe_read], &addr2->transport,
       sizeof(transport_instance *));


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2814] Retry hints not correctly expunged on successful delivery if interface value set in transport[exim-dev] [Bug 2805] New: 4.95 ALPN callback returns protocol prefixed with length->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)