This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/2753] Integer overflow in bsearch
- From: "greenrd at greenrd dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 13 Jun 2006 17:45:35 -0000
- Subject: [Bug libc/2753] Integer overflow in bsearch
- References: <20060610203847.2753.greenrd@greenrd.org>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From greenrd at greenrd dot org 2006-06-13 17:45 -------
The point is, the sum l + u obviously can exceed nmemb, because if the
searched-for value is at the end, on the first iteration l is increased and u
stays equal to nmemb. At this point in the execution, _prior_ to dividing by 2,
integer overflow can occur.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
http://sourceware.org/bugzilla/show_bug.cgi?id=2753
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.