This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

From: Paul Pluzhnikov <ppluzhnikov at google dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GLIBC Devel <libc-alpha at sourceware dot org>
Date: Mon, 26 Oct 2015 08:59:55 -0700
Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
Authentication-results: sourceware.org; auth=none
References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com> <562DDD4E dot 3050804 at redhat dot com>

On Mon, Oct 26, 2015 at 12:59 AM, Florian Weimer <fweimer@redhat.com> wrote:

> > +  if (count > SIZE_MAX / size)
> > +    {
> > +      __set_errno(EOVERFLOW);
> > +      return 0;
> > +    }
>
> Can you avoid the division?  Maybe it makes sense to add a separate
> abstraction for this (a saturated multiplication function).

This https://sourceware.org/bugzilla/show_bug.cgi?id=19165#c4 is how
OpenBSD avoids the division in common case.

Do we want something like:

inline int
mul_would_overflow (size_t a, size_t b)
{
  // sqrt (SIZE_MAX + 1)
  const size_t mul_no_overflow = (size_t) 1 << 4 * sizeof (size_t);

  if ((a >= mul_no_overflow || b >= mul_no_overflow)
      && b > 1 && a > SIZE_MAX / b)
    return 1;

  return 0;
}

> It could use the built-in function with GCC 5.

What's the builtin?

Thanks,
-- 
Paul Pluzhnikov

Follow-Ups:
- Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Florian Weimer

References:
- [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]