This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug stdio/19165] fread overflow


https://sourceware.org/bugzilla/show_bug.cgi?id=19165

Daniel Micay <danielmicay at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |danielmicay at gmail dot com

--- Comment #4 from Daniel Micay <danielmicay at gmail dot com> ---
The fread implementation in OpenBSD (and thus Android's Bionic, since stdio & a
lot more is taken from there) just does this:

        /*
         * Extension:  Catch integer overflow
         */
        if ((size >= MUL_NO_OVERFLOW || count >= MUL_NO_OVERFLOW) &&
            size > 0 && SIZE_MAX / size < count) {
                errno = EOVERFLOW;
                fp->_flags |= __SERR;
                return (0);
        }

So it's a similar assumption as the one made by _FORTIFY_SOURCE: it's treated
as invalid even if there's a guarantee that it won't read that much.

It's not possible to make a buffer larger than SIZE_MAX though, so if it's
considered invalid to pass a total size larger than the buffer (as
_FORTIFY_SOURCE checks for) then the check is kind of pointless (beyond a
optional sanity check for hardening).

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]