This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
- From: "Joseph S. Myers" <joseph at codesourcery dot com>
- To: OndÅej BÃlka <neleai at seznam dot cz>
- Cc: <libc-alpha at sourceware dot org>
- Date: Mon, 14 Oct 2013 13:59:17 +0000
- Subject: Re: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
- Authentication-results: sourceware.org; auth=none
- References: <20131014125751 dot GA22906 at domone dot podge>
On Mon, 14 Oct 2013, Ondrej Bilka wrote:
> @@ -165,7 +165,7 @@ error_tail (int status, int errnum, const char *message, va_list args)
> if (res != len)
> break;
>
> - if (__builtin_expect (len >= SIZE_MAX / 2, 0))
> + if (__builtin_expect (len * sizeof (wchar_t) >= SIZE_MAX / 2, 0))
No, that's incorrect, as len * sizeof (wchar_t) can overflow size_t. You
need to compare len directly with SIZE_MAX / 2 / sizeof (wchar_t).
--
Joseph S. Myers
joseph@codesourcery.com