This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
POSIX.1-2001 requires that readv fails with EINVAL if the total buffer length overflows the range of ssize_t. Andreas. 2002-01-31 Andreas Schwab <schwab@suse.de> * sysdeps/posix/readv.c: Check for ssize_t overflow. --- sysdeps/posix/readv.c.~1.8.~ Mon Jul 16 10:44:44 2001 +++ sysdeps/posix/readv.c Thu Jan 31 10:36:01 2002 @@ -19,6 +19,7 @@ #include <stdlib.h> #include <unistd.h> #include <string.h> +#include <limits.h> #include <sys/uio.h> /* Read data from file descriptor FD, and put the result in the @@ -40,7 +41,15 @@ /* Find the total number of bytes to be read. */ bytes = 0; for (i = 0; i < count; ++i) - bytes += vector[i].iov_len; + { + /* Check for ssize_t overflow. */ + if (SSIZE_MAX - bytes < vector[i].iov_len) + { + errno = EINVAL; + return -1; + } + bytes += vector[i].iov_len; + } /* Allocate a temporary buffer to hold the data. */ buffer = (char *) __alloca (bytes); -- Andreas Schwab, SuSE Labs, schwab@suse.de SuSE GmbH, Deutschherrnstr. 15-19, D-90429 Nürnberg Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |