This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2][BZ #14286] Fix integer overflow in vfwprintf.
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: libc-alpha at sourceware dot org
- Date: Tue, 26 Nov 2013 20:21:30 +0100
- Subject: Re: [PATCH v2][BZ #14286] Fix integer overflow in vfwprintf.
- Authentication-results: sourceware.org; auth=none
- References: <20131021082701 dot GA22363 at domone dot podge> <mvmsivv805x dot fsf at hawking dot suse dot de> <20131021093837 dot GA23041 at domone dot podge> <20131106114313 dot GA9461 at domone dot podge>
ping
On Wed, Nov 06, 2013 at 12:43:13PM +0100, OndÅej BÃlka wrote:
> ping
> On Mon, Oct 21, 2013 at 11:38:37AM +0200, OndÅej BÃlka wrote:
> > On Mon, Oct 21, 2013 at 11:04:42AM +0200, Andreas Schwab wrote:
> > > OndÅej BÃlka <neleai@seznam.cz> writes:
> > >
> > > > [BZ #14286]
> > > > * stdio-common/vfprintf.c: Fix integer overflow.
> > >
> > > s/Fix/Check for/
> > >
> > done.
> > > > diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
> > > > index 8cd7a85..ba6b6d1 100644
> > > > --- a/stdio-common/vfprintf.c
> > > > +++ b/stdio-common/vfprintf.c
> > > > @@ -1067,7 +1067,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
> > > > /* Allocate dynamically an array which definitely is long \
> > > > enough for the wide character version. Each byte in the \
> > > > multi-byte string can produce at most one wide character. */ \
> > > > - if (__libc_use_alloca (len * sizeof (wchar_t))) \
> > > > + if (len > SIZE_MAX / sizeof (wchar_t)) \
> > > > + { \
> > > > + done = -1; \
> > > > + goto all_done; \
> > >
> > > You need to set errno. Use __glibc_unlikely.
> > >
> > ok, but errno handling confused me. I copied that from case when malloc
> > fails that if I read code correctly does not set ENOMEM. Should we add
> > additional errnos there?
> >
> >
> > [BZ #14286]
> > * stdio-common/vfprintf.c: Check for integer overflow.
> >
--
Elves on strike. (Why do they call EMAG Elf Magic)