This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix BZ #18660 -- overflow in getusershell
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Tobias Stöckmann <tobias at stoeckmann dot org>
- Cc: Paul Pluzhnikov <ppluzhnikov at gmail dot com>, GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Mon, 17 Aug 2015 15:48:06 +0000
- Subject: Re: [patch] Fix BZ #18660 -- overflow in getusershell
On Mon, 17 Aug 2015, Tobias Stöckmann wrote:
> > On August 17, 2015 at 12:59 PM Joseph Myers <joseph@codesourcery.com> wrote:
> > Since you're increasing an allocation size, don't you also need to adjust
> > the check a few lines earlier for whether the allocation size calculation
> > would overflow?
>
> if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
>   goto init_okshells;
> flen = statb.st_size + 3;
>
> The check has to focus on flen's statb.st_size + 3 anyway.
> It's larger than statb.st_size / 3.
It's smaller than statb.st_size / 3 * sizeof (char *) (or the new adjusted
version thereof), since sizeof (char *) is 4 or 8 for configurations
supported by glibc.
--
Joseph S. Myers
joseph@codesourcery.com
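
The size arithmetic discussed in this message, as an added example that is not code from the thread or from glibc: it evaluates the quoted guard at its limit and computes both allocation sizes with explicit wraparound checks. The helper names and the `extra_slots` parameter are hypothetical; `extra_slots` stands in for an enlarged pointer-array allocation, whose exact form is not shown on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Largest file size the guard quoted in the message still accepts.  */
static size_t
guard_limit (void)
{
  return ~(size_t) 0 / sizeof (char *) * 3;
}

/* The quoted guard: true means "give up on this file".  */
static bool
quoted_guard_rejects (size_t size)
{
  return size > guard_limit ();
}

/* Hypothetical helper: compute flen = size + 3 and
   ptr_bytes = (size / 3 + extra_slots) * sizeof (char *), failing on any
   wraparound.  extra_slots == 0 is the expression quoted in the reply;
   extra_slots > 0 is an assumed shape for an enlarged allocation.  */
static bool
shell_alloc_sizes (size_t size, size_t extra_slots,
                   size_t *flen, size_t *ptr_bytes)
{
  size_t slots = size / 3;

  if (size > SIZE_MAX - 3 || extra_slots > SIZE_MAX - slots)
    return false;
  slots += extra_slots;
  if (slots > SIZE_MAX / sizeof (char *))
    return false;
  *flen = size + 3;
  *ptr_bytes = slots * sizeof (char *);
  return true;
}

int
main (void)
{
  size_t lim = guard_limit (), flen = 0, ptrs = 0;

  printf ("guard rejects limit + 1: %d\n", quoted_guard_rejects (lim + 1));
  printf ("extra_slots=0 fits: %d\n", shell_alloc_sizes (lim, 0, &flen, &ptrs));
  printf ("flen=%zu ptr_bytes=%zu\n", flen, ptrs);
  printf ("extra_slots=1 fits: %d\n", shell_alloc_sizes (lim, 1, &flen, &ptrs));
  return 0;
}
```

At the guard's limit the pointer array is the larger of the two sizes, and a single extra slot no longer fits in `size_t`, so a guard sized for the original expression does not cover an enlarged one.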