This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH][BZ #14286] Fix integer overflow in vfwprintf.
- From: Andreas Schwab <schwab at suse dot de>
- To: Ondřej Bílka <neleai at seznam dot cz>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 21 Oct 2013 11:04:42 +0200
- Subject: Re: [PATCH][BZ #14286] Fix integer overflow in vfwprintf.
- Authentication-results: sourceware.org; auth=none
- References: <20131021082701 dot GA22363 at domone dot podge>
Ondřej Bílka <neleai@seznam.cz> writes:
> [BZ #14286]
> * stdio-common/vfprintf.c: Fix integer overflow.
s/Fix/Check for/
> diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
> index 8cd7a85..ba6b6d1 100644
> --- a/stdio-common/vfprintf.c
> +++ b/stdio-common/vfprintf.c
> @@ -1067,7 +1067,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
> /* Allocate dynamically an array which definitely is long \
> enough for the wide character version. Each byte in the \
> multi-byte string can produce at most one wide character. */ \
> - if (__libc_use_alloca (len * sizeof (wchar_t))) \
> + if (len > SIZE_MAX / sizeof (wchar_t)) \
> + { \
> + done = -1; \
> + goto all_done; \
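Review bot: The new overflow branch (`done = -1; goto all_done;`) reports failure without setting errno, so a caller cannot tell this rejection apart from any other -1 return. Set errno before the jump, for example with `__set_errno (EOVERFLOW)`; the specific value is a suggestion. The guard `len > SIZE_MAX / sizeof (wchar_t)` is the right division form for protecting the `len * sizeof (wchar_t)` product that the removed line passed to `__libc_use_alloca`. Because it is a cold path, the condition can be wrapped in `__glibc_unlikely`.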
You need to set errno. Use __glibc_unlikely.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."