This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.


[Bug libc/756] missing arithmetic overflow check


------- Additional Comments From eggert at gnu dot org  2005-02-24 00:36 -------
(In reply to comment #4)
> I think that would work.  I'll propose it on the gnulib list.  Please go ahead
> and apply that change if you feel comfortable with it.

No, a simple check against zero is incorrect.  outbuf_size isn't set
to zero when an overflow occurs.  Unsigned arithmetic wraps around, so
outbuf_size could be any of a wide variety of values in the size_t
range.

For example, suppose MB_LEN_MAX is 16, inbytes_remaining is 2**24, and
we are on a 32-bit machine.  Then

  size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;

would set inbytes_remaining to 16, not zero.

Please look again at the check of inbytes_remaining against
SIZE_MAX / MB_LEN_MAX; that does the right thing.

-- 


http://sources.redhat.com/bugzilla/show_bug.cgi?id=756
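
The difference between the two checks discussed in this message, as an added example that is not part of the original mail and is not glibc or gnulib code. Assumptions: size_t is modelled as uint32_t so the 32-bit wraparound reproduces on any host, EX_MB_LEN_MAX (a hypothetical name) is fixed at 16, and the input lengths are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions, not glibc code: size_t is modelled as uint32_t so the 32-bit
   wraparound reproduces on any host; EX_MB_LEN_MAX stands in for MB_LEN_MAX. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX
#define EX_MB_LEN_MAX 16u

/* Unchecked computation: unsigned arithmetic wraps modulo 2**32. */
static size32_t outbuf_size_unchecked(size32_t inbytes_remaining)
{
    return (size32_t)((inbytes_remaining + 1u) * EX_MB_LEN_MAX);
}

/* Incorrect test: only a result of exactly zero is treated as overflow. */
static bool zero_check_accepts(size32_t inbytes_remaining)
{
    return outbuf_size_unchecked(inbytes_remaining) != 0;
}

/* Bound the input against SIZE_MAX / MB_LEN_MAX before multiplying, so
   neither the +1 nor the multiplication can wrap. */
static bool checked_outbuf_size(size32_t inbytes_remaining, size32_t *out)
{
    if (inbytes_remaining >= SIZE32_MAX / EX_MB_LEN_MAX)
        return false;
    *out = (inbytes_remaining + 1u) * EX_MB_LEN_MAX;
    return true;
}

int main(void)
{
    /* Constructed lengths: in range, wraps to 0, wraps to 16, wraps to 65536. */
    const size32_t samples[] = { 1u << 24, (1u << 28) - 1u, 1u << 28, 0x10000FFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size32_t n = samples[i], safe = 0;
        bool ok = checked_outbuf_size(n, &safe);
        printf("in=%lu wrapped=%lu zero_check=%s division_check=%s\n",
               (unsigned long)n, (unsigned long)outbuf_size_unchecked(n),
               zero_check_accepts(n) ? "accept" : "reject",
               ok ? "accept" : "reject");
    }
    return 0;
}
```

Only the input 2**28 - 1 wraps to exactly zero; the other wrapping inputs pass the zero test with a small nonzero buffer size, while the division-based check rejects all three.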
