This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][BZ #14771] Fortify tweak for snprintf et al.

On 10/21/2013 01:58 PM, Joseph S. Myers wrote:
On Mon, 21 Oct 2013, Florian Weimer wrote:

Hmm.  There is no up-front check to return EOVERFLOW in glibc, and the GCC
folder doesn't know about it, either. :-(  EOVERFLOW is apparently returned
only if the actually produced string is at least INT_MAX characters long (this
is the fprintf etc. behavior).

Apart from the Austin Group response not really engaging with the conflict
with a case that's fully defined in C99, I don't think there's anything
useful for GCC to know about regarding overflows on printf folding - GCC
can't handle strings longer than host INT_MAX (which in practice will be
the same as target INT_MAX for glibc targets) as it uses "int" to record
the length of a STRING_CST (in general, there are many places in GCC using
"int" to store sizes of target objects, host allocations, etc.).

It ignores the buffer length argument to snprintf during some parts of folding. This means that simple test cases for EOVERFLOW checking do not actually exercise the glibc implementation. Beyond that, it's probably not an issue.

Florian Weimer / Red Hat Product Security Team

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]