This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 07/17] malloc: Add specialized dynarray for C strings
Adhemerval Zanella <adhemerval.zanella@linaro.org> writes:
>> This is the opposite of what I expect: pos > array->dynarray_header.used
>> appears to be a usage error, so this could result in __libc_fatal.
>> Integer overflow while computing sizes for memory allocation is usually
>> treated as a memory allocation failure, so I would expect a false
>> return (and no __libc_fatal) for that.
>
> So I think a better approach would be just to use:
>
>   if (pos > array->dynarray_header.used)
>     __libc_dynarray_at_failure (char_array_size (array), pos);
>
>   if (check_add_wrapv_size_t (pos, len, &newsize)
>       || check_add_wrapv_size_t (newsize, 1, &newsize))
>     return false;
Right, this is what I would expect from such an interface. This assumes
that glob doesn't expect to feed bad existing indexes to this function,
of course.
>> If you want to prevent access to the underlying char_array_* functions
>> generated by dynarray, you could use #pragma GCC poison.
> It could be a nice idea, although there is no direct usage on the glob
> patchset. I will check this out for a future enhancement.
Understood.
Thanks,
Florian
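
The policy settled on in this thread (terminate on an out-of-range position, return false when the size computation overflows) together with the #pragma GCC poison suggestion, as an added example that is not part of the original message or of glibc. The char_buf_* names are hypothetical, and the GCC/Clang builtin __builtin_add_overflow stands in for glibc's internal check_add_wrapv_size_t.

```c
/* Added example, not glibc code; every char_buf_* name is hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct char_buf { char *data; size_t used; size_t allocated; };
/* Raw helper: make sure at least SIZE bytes are allocated. */
static bool char_buf_grow_raw(struct char_buf *b, size_t size) {
    if (size <= b->allocated)
        return true;
    char *p = realloc(b->data, size);
    if (p == NULL)
        return false;
    b->data = p;
    b->allocated = size;
    return true;
}

/* Keep the first POS bytes, then append LEN bytes of STR and a NUL. */
static bool char_buf_replace_at(struct char_buf *b, size_t pos,
                                const char *str, size_t len) {
    size_t newsize;
    if (pos > b->used) {   /* usage error: stand-in for a fatal libc error */
        fprintf(stderr, "fatal: index %zu > size %zu\n", pos, b->used);
        abort();
    }
    if (__builtin_add_overflow(pos, len, &newsize)
        || __builtin_add_overflow(newsize, 1, &newsize))
        return false;      /* overflow reads as allocation failure */
    if (!char_buf_grow_raw(b, newsize))
        return false;
    memcpy(b->data + pos, str, len);
    b->data[pos + len] = '\0';
    b->used = pos + len;
    return true;
}

/* From here on, naming the raw helper is a compile-time error. */
#pragma GCC poison char_buf_grow_raw

int main(void) {
    struct char_buf b = { NULL, 0, 0 };
    bool ok = char_buf_replace_at(&b, 0, "abc", 3)
              && !char_buf_replace_at(&b, 3, "x", (size_t) -1 - 3);
    printf("%s\n", ok ? b.data : "unexpected");
    free(b.data);
    return ok ? 0 : 1;
}
```

The overflow check runs before any allocation or copy, so a rejected call leaves the buffer contents and length unchanged.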