This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.


On Mon, Oct 14, 2013 at 01:59:17PM +0000, Joseph S. Myers wrote:
> On Mon, 14 Oct 2013, Ondrej Bilka wrote:
> 
> > @@ -165,7 +165,7 @@ error_tail (int status, int errnum, const char *message, va_list args)
> >  	  if (res != len)
> >  	    break;
> >  
> > -	  if (__builtin_expect (len >= SIZE_MAX / 2, 0))
> > +	  if (__builtin_expect (len * sizeof (wchar_t) >= SIZE_MAX / 2, 0))
> 
> No, that's incorrect, as len * sizeof (wchar_t) can overflow size_t.  You 
> need to compare len directly with SIZE_MAX / 2 / sizeof (wchar_t).
> 
Ok with that?


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]