This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite


On 10/26/2015 04:49 AM, Paul Pluzhnikov wrote:

> diff --git a/libio/iofread.c b/libio/iofread.c
> index eb69b05..a8ea391 100644
> --- a/libio/iofread.c
> +++ b/libio/iofread.c
> @@ -37,7 +37,7 @@ _IO_fread (void *buf, _IO_size_t size, _IO_size_t count, _IO_FILE *fp)
>    _IO_acquire_lock (fp);
>    bytes_read = _IO_sgetn (fp, (char *) buf, bytes_requested);
>    _IO_release_lock (fp);
> -  return bytes_requested == bytes_read ? count : bytes_read / size;
> +  return bytes_read / size;
>  }
>  libc_hidden_def (_IO_fread)
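
Review bot: The new return line `return bytes_read / size;` divides by `size` unconditionally, and nothing visible in this hunk establishes that `size` is nonzero or that `bytes_requested` is not a wrapped product at this point. If both are guaranteed by checks earlier in `_IO_fread`, state that in a comment directly above the return, so a reader can see why dropping the `bytes_requested == bytes_read ? count :` shortcut still yields `count` on a full read.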

I think this needs a comment why it is acceptable not to check for
overflow here.

> +  if (count > SIZE_MAX / size)
> +    {
> +      __set_errno(EOVERFLOW);
> +      return 0;
> +    }
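
Review bot: The condition `count > SIZE_MAX / size` divides by `size`, and this fragment shows no preceding test for `size == 0`; either place the guard after a zero-size early return or write the test so that `size != 0` is checked first. On style, GNU formatting puts a space before the opening parenthesis: `__set_errno (EOVERFLOW);`.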

Can you avoid the division?  Maybe it makes sense to add a separate
abstraction for this (a saturated multiplication function).  It could
use the built-in function with GCC 5.

Florian
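
The saturated multiplication suggested above, as an added example that is not part of the original message or of glibc: the helper names `sat_mul_size` and `sat_mul_size_portable` are hypothetical, and the fallback skips the division whenever both factors are below 2^(bits/2).

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifndef __has_builtin
# define __has_builtin(x) 0
#endif

/* Any two factors below 2^(bits/2) have a product that fits in size_t.  */
#define MUL_NO_OVERFLOW ((size_t) 1 << (sizeof (size_t) * CHAR_BIT / 2))

/* Hypothetical fallback: returns a * b, or SIZE_MAX if the product wraps.
   The division only runs when at least one factor is large.  */
static size_t
sat_mul_size_portable (size_t a, size_t b)
{
  if ((a >= MUL_NO_OVERFLOW || b >= MUL_NO_OVERFLOW)
      && a != 0 && b > SIZE_MAX / a)
    return SIZE_MAX;
  return a * b;
}

/* Hypothetical helper: same contract, using the compiler built-in
   (GCC 5 and later, Clang) when it is available.  */
static size_t
sat_mul_size (size_t a, size_t b)
{
#if __has_builtin (__builtin_mul_overflow) || (defined __GNUC__ && __GNUC__ >= 5)
  size_t r;
  /* The built-in returns true when the exact product did not fit in r.  */
  return __builtin_mul_overflow (a, b, &r) ? SIZE_MAX : r;
#else
  return sat_mul_size_portable (a, b);
#endif
}

int
main (void)
{
  /* Constructed sample inputs: a small request and one that would wrap.  */
  printf ("%zu\n", sat_mul_size (3, 7));
  printf ("%d\n", sat_mul_size (SIZE_MAX, 2) == SIZE_MAX);
  return 0;
}
```

A caller sizing a buffer request can treat a result of `SIZE_MAX` as "too large", since no object of that size can exist; the one exact product equal to `SIZE_MAX` is indistinguishable from saturation.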

