This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 07/17] malloc: Add specialized dynarray for C strings


Adhemerval Zanella <adhemerval.zanella@linaro.org> writes:

>> This is the opposite of what I expect: pos > array->dynarray_header.used
>> appears to be a usage error, so this could result in __libc_fatal.
>> Integer overflow while computing sizes for memory allocation is usually
>> treated as a memory allocation failure, so I would expect a false
>> return (and no __libc_fatal) for that.
>
> So I think a better approach would be just to use:
>
>   if (pos > array->dynarray_header.used)
>     __libc_dynarray_at_failure (char_array_size (array), pos);
>
>   if (check_add_wrapv_size_t (pos, len, &newsize)
>       || check_add_wrapv_size_t (newsize, 1, &newsize))
>     return false;

Right, this is what I would expect from such an interface.  This assumes
that glob doesn't expect to feed bad existing indexes to this function,
of course.

>> If you want to prevent access to the underlying char_array_* functions
>> generated by dynarray, you could use #pragma GCC poison.

> It could be a nice idea, although there is no direct usage on the glob
> patchset.  I will check this out for a future enhancement. 

Understood.

Thanks,
Florian
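
The error-handling split agreed on in this message, as an added example that is not part of the original mail or of glibc's code: an out-of-range index is a caller bug and aborts, while wraparound in the size computation is reported like a failed allocation. `struct str_buf` and `str_buf_replace_at` are hypothetical names, and the GCC/Clang builtin `__builtin_add_overflow` stands in for the `check_add_wrapv_size_t` helper quoted above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the string dynarray; `used` excludes the NUL.  */
struct str_buf { char *data; size_t used; size_t allocated; };

/* Overwrite the contents from POS onward with LEN bytes of SRC and
   NUL-terminate.  Returns false on size overflow or allocation failure.  */
bool
str_buf_replace_at (struct str_buf *b, size_t pos, const char *src, size_t len)
{
  /* Usage error: the caller passed an index past the current contents.  */
  if (pos > b->used)
    {
      fprintf (stderr, "fatal: index %zu > size %zu\n", pos, b->used);
      abort ();
    }

  /* pos + len + 1 wrapping around is handled like a failed allocation.  */
  size_t newsize;
  if (__builtin_add_overflow (pos, len, &newsize)
      || __builtin_add_overflow (newsize, 1, &newsize))
    return false;

  if (newsize > b->allocated)
    {
      char *p = realloc (b->data, newsize);
      if (p == NULL)
        return false;          /* Buffer is left unchanged.  */
      b->data = p;
      b->allocated = newsize;
    }
  memcpy (b->data + pos, src, len);
  b->used = newsize - 1;
  b->data[b->used] = '\0';
  return true;
}

int main (void)
{
  struct str_buf b = { 0 };
  bool ok = str_buf_replace_at (&b, 0, "dir", 3)
            && str_buf_replace_at (&b, 3, "/file", 5);
  printf ("%d %s\n", ok, ok ? b.data : "(failed)");
  free (b.data);
}
```

Both overflow checks return before the buffer is touched, so a `false` return leaves the existing string intact.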

