This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
POSIX.1-2001 requires that readv fails with EINVAL if the total buffer
length overflows the range of ssize_t.
Andreas.
2002-01-31 Andreas Schwab <schwab@suse.de>
* sysdeps/posix/readv.c: Check for ssize_t overflow.
--- sysdeps/posix/readv.c.~1.8.~ Mon Jul 16 10:44:44 2001
+++ sysdeps/posix/readv.c Thu Jan 31 10:36:01 2002
@@ -19,6 +19,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
+#include <limits.h>
#include <sys/uio.h>
/* Read data from file descriptor FD, and put the result in the
@@ -40,7 +41,15 @@
/* Find the total number of bytes to be read. */
bytes = 0;
for (i = 0; i < count; ++i)
- bytes += vector[i].iov_len;
+ {
+ /* Check for ssize_t overflow. */
+ if (SSIZE_MAX - bytes < vector[i].iov_len)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+ bytes += vector[i].iov_len;
+ }
/* Allocate a temporary buffer to hold the data. */
buffer = (char *) __alloca (bytes);
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE GmbH, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |