This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>, Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: Alexander Cherepanov <ch3root at openwall dot com>, Rich Felker <dalias at libc dot org>, GLIBC Devel <libc-alpha at sourceware dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Thu, 10 Dec 2015 20:49:24 +0100
- Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

On 12/10/2015 08:43 PM, Paul Pluzhnikov wrote:
> On Mon, Dec 7, 2015 at 10:52 AM, Paul Eggert <eggert@cs.ucla.edu> wrote:
>
>> The above comments suggest that this patch is part of a larger maintenance
>> problem with glibc and integer overflow checking. To simplify maintenance,
>> I suggest instead that we leave cdefs.h alone, and instead copy and include
>> gnulib's intprops.h for internal use only inside glibc, and use intprops.h's
>> macro 'INT_MULTIPLY_OVERFLOW (a, b)' instead of defining and using
>> '__umul_size_t_overflow (a, b)'. This would simplify maintenance in the
>> long run, as it already incorporates all the above comments. Please see:
>>
>> http://git.savannah.gnu.org/cgit/gnulib.git/tree/lib/intprops.h
>
> Sigh. A "simple" overflow check in _IO_fread turned into a multi-month
> ordeal ...

I don't think we want to import intprops.h because it is totally opaque.

> While I agree that what you are proposing is probably better, I am not
> currently prepared to undertake that change. I'll un-assign BZ19165
> from myself instead.

Do you mind if I try to move this forward?

Thanks,
Florian
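
The kind of check this thread is about, as an added example that is not part of the original message, not the glibc patch, and not gnulib's intprops.h: a size_t multiplication overflow test applied to the size * nmemb product of an fread-style call. The names size_mul_overflows and checked_fread, the bufsize parameter, and the ERANGE error code are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not __umul_size_t_overflow or INT_MULTIPLY_OVERFLOW):
   returns 1 if a * b does not fit in size_t; otherwise stores the product
   in *product and returns 0.  The division cannot itself overflow. */
static int size_mul_overflows(size_t a, size_t b, size_t *product)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 1;
    *product = a * b;
    return 0;
}

/* Hypothetical wrapper: refuses the read when size * nmemb wraps or when
   the byte count exceeds the caller-supplied capacity of buf. */
static size_t checked_fread(void *buf, size_t bufsize, size_t size,
                            size_t nmemb, FILE *fp)
{
    size_t total;
    if (size_mul_overflows(size, nmemb, &total) || total > bufsize) {
        errno = ERANGE;               /* error code chosen for this example */
        return 0;
    }
    return total == 0 ? 0 : fread(buf, size, nmemb, fp);
}

int main(void)
{
    char buf[16];
    size_t half = SIZE_MAX / 2 + 1;   /* half * 2 wraps to 0 in size_t */
    FILE *fp = tmpfile();             /* constructed sample input */
    if (fp == NULL)
        return 1;
    fputs("0123456789abcdef", fp);
    rewind(fp);
    printf("wrapped product: %zu\n", half * 2);
    printf("rejected: %zu\n", checked_fread(buf, sizeof buf, half, 2, fp));
    printf("accepted: %zu\n", checked_fread(buf, sizeof buf, 4, 4, fp));
    fclose(fp);
    return 0;
}
```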