This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

realloc overflow problem


[This may be more appropriate for the newlib list, but I will start
here.  Please feel free to redirect this post...]

While tracking down a Cygwin Python problem, I believe that I have
uncovered an overflow problem in realloc() (and possibly other malloc
routines).  The attached test program, realloc.cc, demonstrates the
problem:

    $ realloc 536870911  # realloc((maximum int value) / 4) fails
    realloc(536870911) failed
    $ realloc 2147483647 # realloc(maximum int value) "succeeds"
    $

The attached patch "fixes" the overflow problem by changing many (long)
casts into (unsigned long) ones:

    $ realloc 2147483647
    realloc(2147483647) failed

Is this the right approach?  Or, is there a better way?

Thanks,
Jason

Attachment: realloc.cc
Description: Text document

Attachment: mallocr.c.diff
Description: Text document


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]