DragonFlyBSD Kernel Audit
← dashboard
DF-0069

Signed integer overflow (C UB) in lock range end calculation (caught by guard, no corruption reachable)

Summary

kern_lockf.c:233 end=start+fl->l_len-1 signed 64-bit add can overflow for large l_start/l_len (e.g. l_start=1 l_len=LLONG_MAX). Signed overflow is C UB (C11 6.5). if(end<start) guard :234 effective under 2s-complement wraparound (dangerous cases produce end<=start rejected; benign start=0/l_len=LLONG_MAX -> end=LLONG_MAX-1). Same pattern SEEK_END start=size+fl->l_start :217 mixed uint/int. No memory corruption reachable (guard catches). -fwrapv typical. Code-quality defense-in-depth.