This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: vfprintf typing problem
On Sat, Mar 31, 2012 at 5:19 PM, David Miller <davem@davemloft.net> wrote:
> 2012-03-30 ?David S. Miller ?<davem@davemloft.net>
>
> ? ? ? ?* stdio-common/printf-parse.h (read_int): Change return type to
> ? ? ? ?'int', return -1 on INT_MAX overflow.
> ? ? ? ?* stdio-common/vfprintf.c (vfprintf): Validate width and precision
> ? ? ? ?against overflow of INT_MAX. ?Set errno to EOVERFLOW when 'done'
> ? ? ? ?overflows INT_MAX. ?Check for overflow of in-format-string precision
> ? ? ? ?values properly.
> ? ? ? ?* stdio-common/bug22.c: Adjust to test both width/prevision
> ? ? ? ?INT_MAX overflow as well as total length INT_MAX overflow. ?Check
> ? ? ? ?explicitly for proper errno values.
>
> diff --git a/stdio-common/printf-parse.h b/stdio-common/printf-parse.h
> index 72665dc..eb2d628 100644
> --- a/stdio-common/printf-parse.h
> +++ b/stdio-common/printf-parse.h
> @@ -68,7 +68,7 @@ union printf_arg
> ?#ifndef DONT_NEED_READ_INT
> ?/* Read a simple integer from a string and update the string pointer.
> ? ?It is assumed that the first character is a digit. ?*/
> -static unsigned int
> +static int
> ?read_int (const UCHAR_T * *pstr)
> ?{
> ? unsigned int retval = **pstr - L_('0');
> @@ -77,9 +77,11 @@ read_int (const UCHAR_T * *pstr)
> ? ? {
> ? ? ? retval *= 10;
> ? ? ? retval += **pstr - L_('0');
> + ? ? ?if (retval > INT_MAX)
> + ? ? ? return -1;
Is this correct?
If in the previous iteration we were less than INT_MAX, given the "*
10 + [0-9]" we might wrap the unsigned int retval to a positive value
e.g. 429,496,729 * 10 + 6 = 0, and not detect the signed int overflow?
What am I missing?
Cheers,
Carlos.