From: Nikita Pettik
Date: Thu, 16 Jul 2020 14:27:15 +0000
Message-ID: <20200716142715.GA32056@tarantool.org>
References: <1594821336-14468-1-git-send-email-alyapunov@tarantool.org> <1594821336-14468-3-git-send-email-alyapunov@tarantool.org>
In-Reply-To: <1594821336-14468-3-git-send-email-alyapunov@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH v3 02/13] Check data_offset overflow in struct tuple
To: Aleksandr Lyapunov
Cc: tarantool-patches@dev.tarantool.org

On 15 Jul 16:55, Aleksandr Lyapunov wrote:
> data_offset member of tuple is uint16_t now. At the same time
> this field is calculated from field_map_size which is uint32_t.
> That could lead to overflows and crashes.
>
> Fixes #5084
> ---

Pushed to master, 2.4, 2.3 and backported to 1.10 (without multikey test).
Changelogs are updated correspondingly.
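
The narrowing described in the quoted commit message, as an added example that is not part of this mail or of Tarantool's code: a 16-bit offset derived from a 32-bit field map size, first unchecked and then with a bounds check. The struct toy_tuple and both function names are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a tuple header; not Tarantool's struct tuple. */
struct toy_tuple {
	uint32_t bsize;
	uint16_t data_offset; /* distance from header start to the payload */
};

/* Unchecked: the sum is silently narrowed to 16 bits, so a large field
 * map yields a small offset that points back into the field map. */
static uint16_t
data_offset_unchecked(uint32_t field_map_size)
{
	return (uint16_t)(sizeof(struct toy_tuple) + field_map_size);
}

/* Checked: compute in 64 bits and reject anything that does not fit.
 * Returns 0 and stores the offset on success, -1 on overflow. */
static int
data_offset_checked(uint32_t field_map_size, uint16_t *out)
{
	uint64_t total = (uint64_t)sizeof(struct toy_tuple) + field_map_size;
	if (total > UINT16_MAX)
		return -1;
	*out = (uint16_t)total;
	return 0;
}

int
main(void)
{
	/* Constructed sample sizes around the 16-bit boundary. */
	uint32_t sizes[] = {16, 65000, 65536, 70000, UINT32_MAX};
	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		uint16_t off = 0;
		int rc = data_offset_checked(sizes[i], &off);
		printf("field_map_size=%u unchecked=%u checked=%s\n",
		       (unsigned)sizes[i],
		       (unsigned)data_offset_unchecked(sizes[i]),
		       rc == 0 ? "ok" : "rejected");
	}
	return 0;
}
```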