This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH][BZ #14286] Fix integer overflow in vfwprintf.


Ondřej Bílka <neleai@seznam.cz> writes:

> 	[BZ #14286]
> 	* stdio-common/vfprintf.c: Fix integer overflow.

s/Fix/Check for/

> diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
> index 8cd7a85..ba6b6d1 100644
> --- a/stdio-common/vfprintf.c
> +++ b/stdio-common/vfprintf.c
> @@ -1067,7 +1067,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
>  	    /* Allocate dynamically an array which definitely is long	      \
>  	       enough for the wide character version.  Each byte in the	      \
>  	       multi-byte string can produce at most one wide character.  */  \
> -	    if (__libc_use_alloca (len * sizeof (wchar_t)))		      \
> +	    if (len > SIZE_MAX / sizeof (wchar_t))			      \
> +	      {								      \
> +		done = -1;						      \
> +		goto all_done;						      \
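
Review bot: the new guard `if (len > SIZE_MAX / sizeof (wchar_t))` carries no comment saying that it protects the `len * sizeof (wchar_t)` size computation from wrapping, and the existing comment just above it only describes how large the array must be. Extend that comment with one sentence stating that a `len` above `SIZE_MAX / sizeof (wchar_t)` is rejected before the multiplication, so a later reader does not remove the test as redundant with the `__libc_use_alloca` size check.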

You need to set errno.  Use __glibc_unlikely.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

