DragonFlyBSD Kernel Audit
← dashboard
DF-0087

Signed integer overflow (C UB) in new_unrhdr last computation when high=INT_MAX

Summary

subr_unit.c:257 uh->last=1+(high-low). 3 production callers pass high=INT_MAX low=0/1 (backlight.c:146 led.c:347 sound.c:1419). 1+INT_MAX signed overflow UB (C11). No -fwrapv in build. In practice compilers produce correct wraparound (INT_MIN as int = 0x80000000 items). Subsequent alloc_unrl handles correctly returned units <= INT_MAX. Standards-compliance hardening only no security impact.