[PATCH v2][BZ #14286] Fix integer overflow in vfwprintf.

Ondřej Bílka neleai@seznam.cz
Wed Nov 27 11:40:00 GMT 2013


ping
On Wed, Nov 06, 2013 at 12:43:13PM +0100, Ondřej Bílka wrote:
> ping
> On Mon, Oct 21, 2013 at 11:38:37AM +0200, Ondřej Bílka wrote:
> > On Mon, Oct 21, 2013 at 11:04:42AM +0200, Andreas Schwab wrote:
> > > Ondřej Bílka <neleai@seznam.cz> writes:
> > > 
> > > > 	[BZ #14286]
> > > > 	* stdio-common/vfprintf.c: Fix integer overflow.
> > > 
> > > s/Fix/Check for/
> > > 
> > done.
> > > > diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
> > > > index 8cd7a85..ba6b6d1 100644
> > > > --- a/stdio-common/vfprintf.c
> > > > +++ b/stdio-common/vfprintf.c
> > > > @@ -1067,7 +1067,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
> > > >  	    /* Allocate dynamically an array which definitely is long	      \
> > > >  	       enough for the wide character version.  Each byte in the	      \
> > > >  	       multi-byte string can produce at most one wide character.  */  \
> > > > -	    if (__libc_use_alloca (len * sizeof (wchar_t)))		      \
> > > > +	    if (len > SIZE_MAX / sizeof (wchar_t))			      \
> > > > +	      {								      \
> > > > +		done = -1;						      \
> > > > +		goto all_done;						      \
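Review bot: the new `len > SIZE_MAX / sizeof (wchar_t)` test carries no comment saying what it guards; the existing comment above it only covers the allocation size. Add a line noting that `len * sizeof (wchar_t)` would otherwise wrap and yield an undersized buffer. Also confirm that vfprintf.c already includes <stdint.h> for SIZE_MAX, since the visible part of the diff adds no include.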
> > > 
> > > You need to set errno.  Use __glibc_unlikely.
> > > 
> > OK, but the errno handling confused me. I copied that from the case when
> > malloc fails, which, if I read the code correctly, does not set ENOMEM.
> > Should we add additional errnos there?
> > 
> > 
> > 	[BZ #14286]
> > 	* stdio-common/vfprintf.c: Check for integer overflow.
> > 

-- 

Elves on strike. (Why do they call EMAG Elf Magic)


