This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.
[Bug libc/756] missing arithmetic overflow check
- From: "eggert at gnu dot org" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 24 Feb 2005 00:36:06 -0000
- Subject: [Bug libc/756] missing arithmetic overflow check
- References: <20050222195246.756.simon@josefsson.org>
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
------- Additional Comments From eggert at gnu dot org 2005-02-24 00:36 -------
(In reply to comment #4)
> I think that would work. I'll propose it on the gnulib list. Please go ahead
> and apply that change if you feel comfortable with it.
No, a simple check against zero is incorrect. outbuf_size isn't set to
zero when an overflow occurs. Unsigned arithmetic wraps around, so
outbuf_size could be any of a wide variety of values in the size_t range.
For example, suppose MB_LEN_MAX is 16, inbytes_remaining is 2**24, and
we are on a 32-bit machine. Then
    size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
would set inbytes_remaining to 16, not zero.
Please look again at the check of inbytes_remaining against
SIZE_MAX / MB_LEN_MAX; that does the right thing.
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=756
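
The wraparound discussed in the message above, as an added example that is not part of the original mail nor glibc or gnulib code. Assumptions: uint32_t stands in for a 32-bit size_t, MBLEN is a constructed stand-in for MB_LEN_MAX, the function names are hypothetical, and the input 2**28 is a constructed value chosen so that the 32-bit product wraps.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models a 32-bit size_t; MBLEN models MB_LEN_MAX. */
#define MBLEN 16u

/* The unchecked computation from the message; wraps modulo 2**32. */
static uint32_t outbuf_size_unchecked(uint32_t inbytes_remaining)
{
    return (inbytes_remaining + 1u) * MBLEN;
}

/* After-the-fact test against zero: true means "looks fine". */
static bool zero_check_accepts(uint32_t inbytes_remaining)
{
    return outbuf_size_unchecked(inbytes_remaining) != 0;
}

/* Check the input against UINT32_MAX / MBLEN before multiplying.
   n < MAX / M guarantees that (n + 1) * M fits without wrapping. */
static bool checked_outbuf_size(uint32_t inbytes_remaining, uint32_t *out)
{
    if (inbytes_remaining >= UINT32_MAX / MBLEN)
        return false;               /* would overflow: refuse */
    *out = (inbytes_remaining + 1u) * MBLEN;
    return true;
}

int main(void)
{
    uint32_t n = 1u << 28;          /* constructed input */
    uint32_t size = 0;

    printf("unchecked size:      %u\n", (unsigned)outbuf_size_unchecked(n));
    printf("zero check accepts:  %d\n", zero_check_accepts(n));
    printf("range check accepts: %d\n", checked_outbuf_size(n, &size));
    return 0;
}
```
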