From: Guy Harris
Date: Thu, 24 May 2018 22:52:43 +0000 (-0700)
Subject: Remove an unnecessary overflow check.
X-Git-Tag: libpcap-1.9-bp~19
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/40af96cfea9700435445fa1edf5cf6e4cd580a3b

Remove an unnecessary overflow check.

We'll be running on a platform where int is 31 bits plus a sign bit and size_t is either 32 bits or 64 bits, and the extra headers we put in a "packet packet" will be much less than 2^31 bytes in size, so adding the maximum packet size (an int, as pcap_snapshot() returns an int) to the size of those extra headers won't overflow a size_t.

--- diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c index 9c035c0e..fe166f81 100755 --- a/rpcapd/daemon.c +++ b/rpcapd/daemon.c
@@ -2258,20 +2258,16 @@ daemon_thrdatamain(void *ptr) sendbuf = NULL; // we can't allocate a buffer, so nothing to free goto error; } - if ((unsigned int)pcap_snapshot(session->fp) > SIZE_MAX - (sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr))) - { - // - // The snapshot length is so large that it would overflow - // a size_t. (Unlikely, but not impossible, on ILP32 - // platforms; impossible on LP64 and LLP64 platforms, as - // pcap_snapshot() returns an int). - // - rpcapd_log(LOGPRIO_ERROR, - "Unable to allocate the buffer for this child thread: snapshot length of %d is too large", - pcap_snapshot(session->fp)); - sendbuf = NULL; // we can't allocate a buffer, so nothing to free - goto error; - } + // + // size_t is unsigned, and the result of pcap_snapshot() is signed; + // on no platform that we support is int larger than size_t. + // This means that, unless the extra information we prepend to + // a maximum-sized packet is impossibly large, the sum of the + // snapshot length and the size of that extra information will + // fit in a size_t. + // + // So we don't need to make sure that sendbufsize will overflow. + // sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp); sendbuf = (char *) malloc (sendbufsize); if (sendbuf == NULL)
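Review bot: neither the removed check (on LP64, where `(unsigned int)` of a negative int is far below `SIZE_MAX - ...`) nor the new unconditional sum guards against pcap_snapshot() returning a negative value: in `sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);` a negative int converts to a size_t close to SIZE_MAX, so malloc() is handed a bogus huge request and the failure is reported as an allocation error rather than a bad snapshot length. If an error return is possible for this session's handle, test for `< 0` before the sum and log it, as the removed block did for the oversized case; if it is not possible, say so in the new comment, which currently only argues the non-negative case. Also, the last sentence of the new comment, "So we don't need to make sure that sendbufsize will overflow.", says the opposite of what is meant; suggest "So we don't need to check whether sendbufsize would overflow."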