This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>
Cc: GLIBC Devel <libc-alpha at sourceware dot org>
Date: Sun, 22 Feb 2015 11:20:14 +0100
Subject: Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
Authentication-results: sourceware.org; auth=none
References: <CALoOobNWgCzh0=5pRMoy39jorDiD4A1QcsyatFDXdCZpMA2X4Q at mail dot gmail dot com> <CALoOobNvKAhQ2+r1yUZiYVsKChd7KTcHcpb_shMTNnMMTLQj5Q at mail dot gmail dot com>

* Paul Pluzhnikov:

> On Sat, Feb 21, 2015 at 10:09 PM, Paul Pluzhnikov <ppluzhnikov@gmail.com> wrote:
>
>> Attached is a rather obvious fix for BZ #17269
>
> Hmm, it seems the same problem could also happen in enlarge_userbuf.
>

+	  if (__glibc_unlikely (new_size < old_wblen)
+	      || __glibc_unlikely (new_size >= SIZE_MAX / sizeof (wchar_t)))

ânew_size == SIZE_MAX / sizeof (wchar_t)â should still be okay,
shouldn't it?  So the check should use â>â instead of â>=â.

> Also fixed "space before paren".

Some say that it doesn't apply to macros. :-/ But your version is fine
by me.

Follow-Ups:
- Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
  - From: Paul Pluzhnikov

References:
- [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]