This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

From: Florian Weimer <fweimer at redhat dot com>
To: Paul Pluzhnikov <ppluzhnikov at google dot com>
Cc: GLIBC Devel <libc-alpha at sourceware dot org>
Date: Mon, 26 Oct 2015 17:05:53 +0100
Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
Authentication-results: sourceware.org; auth=none
References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com> <562DDD4E dot 3050804 at redhat dot com> <CALoOobOKu=RWbiohjwcQLgFcScEBNBVs2hmT+kF3xAuuK40eVw at mail dot gmail dot com>

On 10/26/2015 04:59 PM, Paul Pluzhnikov wrote:

> inline int
> mul_would_overflow (size_t a, size_t b)
> {
>   // sqrt (SIZE_MAX + 1)
>   const size_t mul_no_overflow = (size_t) 1 << 4 * sizeof (size_t);
> 
>   if ((a >= mul_no_overflow || b >= mul_no_overflow)
>       && b > 1 && a > SIZE_MAX / b)
>     return 1;
> 
>   return 0;
> }

I think saturating multiplication would be the more useful abstraction:
return the product if it is exact, or (size_t)-1 if it overflows.

>> It could use the built-in function with GCC 5.

The variants available are documented here:

<https://gcc.gnu.org/onlinedocs/gcc-5.2.0/gcc/Integer-Overflow-Builtins.html>

Florian

References:
- [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Florian Weimer
- Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]