Source-Changes-D archive


Re: CVS commit: src (getdelim.c:1.1)



On Wed, 15 Jul 2009, Geoff Wing wrote:
> On Tuesday 2009-07-14 16:46 +0100, Roy Marples output:
> :-            newlen = off + len + 1;
> :-            /* Ensure that the resultant buffer length fits in ssize_t */
> :-            if (newlen > (size_t)SSIZE_MAX + 1) {
> :+            newlen = off + len;
> :+            /* Ensure that the resultant buffer length fits in ssize_t. */
> :+            if (newlen > SSIZE_MAX) {
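Review bot: the new range check `if (newlen > SSIZE_MAX)` runs only after `newlen = off + len` has already been evaluated, so if those variables are signed (as the follow-up below assumes), an overflowing addition is undefined behaviour before the comparison executes and the compiler is entitled to assume it cannot happen and drop the check. Rule the overflow out before adding, e.g. `if (len > SSIZE_MAX - off)` for non-negative operands, or perform the sum in size_t, where wraparound is well defined, and range-check the unsigned result.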
> 
> I may have explained this poorly.  "newlen", "off" and "len" are
> signed numbers.  If the addition "off + len" overflows ssize_t (also signed),
> then "newlen" is now negative and will never be greater than SSIZE_MAX.  Yes?

No.  If those are all signed, and if off+len overflows, then it leads to
undefined behaviour.

I haven't thought enough about this, but I'd be inclined to do the
addition using an unsigned type, which has well-defined overflow
behaviour, and then check the range of the unsigned result.

--apb (Alan Barrett)
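The approach Alan describes, as an added C example that is not code from NetBSD's getdelim.c or from either poster: the sum is computed in size_t, where wraparound is defined, and the unsigned result is then range-checked; the function names and the -1 sentinel are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX / 2))   /* fallback for non-POSIX hosts */
#endif

/*
 * Compute the new buffer length off + len the way the reply above suggests:
 * add in size_t (well-defined modular arithmetic, no undefined behaviour),
 * then check that the unsigned result fits in ssize_t, which is what
 * getdelim() returns.  Returns the sum, or -1 (assumed sentinel) if the
 * addition wrapped or the result would not fit.
 */
ssize_t
safe_add_len(size_t off, size_t len)
{
	size_t newlen = off + len;	/* may wrap modulo SIZE_MAX + 1 */

	/* A wrapped sum is smaller than either operand. */
	if (newlen < off)
		return -1;
	/* Ensure that the resultant buffer length fits in ssize_t. */
	if (newlen > (size_t)SSIZE_MAX)
		return -1;
	return (ssize_t)newlen;
}

/*
 * Same check with signed operands, the case the quoted diff compares
 * against: the overflow has to be ruled out before the addition, because
 * once a signed sum overflows no later comparison can be relied upon.
 */
ssize_t
safe_add_len_signed(ssize_t off, ssize_t len)
{
	if (off < 0 || len < 0)
		return -1;
	if (len > SSIZE_MAX - off)	/* off + len would overflow ssize_t */
		return -1;
	return off + len;
}
```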

