This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Sun, 22 Feb 2015 11:20:14 +0100
- Subject: Re: [patch] Fix BZ #17269 _IO_wstr_overflow integer overflow
- Authentication-results: sourceware.org; auth=none
- References: <CALoOobNWgCzh0=5pRMoy39jorDiD4A1QcsyatFDXdCZpMA2X4Q at mail dot gmail dot com> <CALoOobNvKAhQ2+r1yUZiYVsKChd7KTcHcpb_shMTNnMMTLQj5Q at mail dot gmail dot com>
* Paul Pluzhnikov:
> On Sat, Feb 21, 2015 at 10:09 PM, Paul Pluzhnikov <ppluzhnikov@gmail.com> wrote:
>
>> Attached is a rather obvious fix for BZ #17269
>
> Hmm, it seems the same problem could also happen in enlarge_userbuf.
>
+ if (__glibc_unlikely (new_size < old_wblen)
+ || __glibc_unlikely (new_size >= SIZE_MAX / sizeof (wchar_t)))
ânew_size == SIZE_MAX / sizeof (wchar_t)â should still be okay,
shouldn't it? So the check should use â>â instead of â>=â.
> Also fixed "space before paren".
Some say that it doesn't apply to macros. :-/ But your version is fine
by me.