This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug stdio/19165] fread overflow
- From: "danielmicay at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 23 Oct 2015 10:29:53 +0000
- Subject: [Bug stdio/19165] fread overflow
- Auto-submitted: auto-generated
- References: <bug-19165-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19165
Daniel Micay <danielmicay at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |danielmicay at gmail dot com
--- Comment #4 from Daniel Micay <danielmicay at gmail dot com> ---
The fread implementation in OpenBSD (and thus Android's Bionic, since stdio & a
lot more is taken from there) just does this:
    /*
     * Extension: Catch integer overflow
     */
    if ((size >= MUL_NO_OVERFLOW || count >= MUL_NO_OVERFLOW) &&
        size > 0 && SIZE_MAX / size < count) {
        errno = EOVERFLOW;
        fp->_flags |= __SERR;
        return (0);
    }
So it's a similar assumption as the one made by _FORTIFY_SOURCE: it's treated
as invalid even if there's a guarantee that it won't read that much.
It's not possible to make a buffer larger than SIZE_MAX though, so if it's
considered invalid to pass a total size larger than the buffer (as
_FORTIFY_SOURCE checks for) then the check is kind of pointless (beyond an
optional sanity check for hardening).
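The guard quoted in the comment above, as a stand-alone added example (not code from the mail, glibc or OpenBSD): it shows which size/count pairs the check rejects and what an unchecked size * count would wrap to. The helper names checked_total and wrapped_total are hypothetical, and MUL_NO_OVERFLOW is defined here as 2 to the power of half the bits in size_t, an assumption since the mail does not show its definition.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed definition: sqrt(SIZE_MAX + 1). If both operands are below
 * this value, size * count cannot wrap, so the division is skipped. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Hypothetical helper: multiply with the same guard as the quoted check.
 * Returns 0 and stores the product, or -1 with errno = EOVERFLOW when
 * the product does not fit in size_t. */
static int checked_total(size_t size, size_t count, size_t *total)
{
    if ((size >= MUL_NO_OVERFLOW || count >= MUL_NO_OVERFLOW) &&
        size > 0 && SIZE_MAX / size < count) {
        errno = EOVERFLOW;
        return -1;
    }
    *total = size * count;
    return 0;
}

/* What an unchecked implementation computes: the product modulo SIZE_MAX + 1. */
static size_t wrapped_total(size_t size, size_t count)
{
    return size * count;
}

int main(void)
{
    /* Constructed inputs: the last two pairs exceed SIZE_MAX when multiplied. */
    const size_t cases[][2] = {
        { 16, 4096 },
        { 0, SIZE_MAX },
        { 1, SIZE_MAX },
        { 2, SIZE_MAX / 2 + 1 },
        { MUL_NO_OVERFLOW, MUL_NO_OVERFLOW },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t total = 0;
        if (checked_total(cases[i][0], cases[i][1], &total) == 0)
            printf("%zu * %zu = %zu\n", cases[i][0], cases[i][1], total);
        else
            printf("%zu * %zu rejected (unchecked product would be %zu)\n",
                   cases[i][0], cases[i][1],
                   wrapped_total(cases[i][0], cases[i][1]));
    }
    return 0;
}
```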