This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] stdlib-bsearch: middle element calculation may overflow
- From: Sergey Senozhatsky <sergey dot senozhatsky dot work at gmail dot com>
- To: Mike Frysinger <vapier at gentoo dot org>
- Cc: Sergey Senozhatsky <sergey dot senozhatsky dot work at gmail dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>, Sergey Senozhatsky <sergey dot senozhatsky at gmail dot com>
- Date: Thu, 16 Mar 2017 17:26:39 +0900
- Subject: Re: [PATCH] stdlib-bsearch: middle element calculation may overflow
- Authentication-results: sourceware.org; auth=none
- References: <20170316052615.7662-1-sergey.senozhatsky@gmail.com> <20170316073208.GY24205@vapier>
On (03/16/17 03:32), Mike Frysinger wrote:
> On 16 Mar 2017 14:26, Sergey Senozhatsky wrote:
> > Middle element calculation may overflow at '__l + __u' when
> > __l and __u are large enough. Use distance between __u and
> > __l instead.
>
> do you have a simple test case we can include?

Hello Mike,

well... no, I don't. but something like below (composed in mail client,
basically) should do the trick in 32-bit mode.

sorry, I'm really not familiar with the way you guys usually
write tests for glibc.

hope this helps.

==== test.c ====
#include <stdlib.h>   /* malloc, bsearch, abort */
#include <string.h>   /* memset */

/* Larger than 2^31, so '__l + __u' can exceed a 32-bit size_t. */
#define ARRAY_SZ 3100000000U

static int char_compare(const void *a, const void *b)
{
    const char *ca = (const char *)a;
    const char *cb = (const char *)b;

    return *ca - *cb;
}

int main(void)
{
    char *array;
    char *ret;
    char key = '2';

    array = malloc(sizeof(char) * ARRAY_SZ);
    if (!array)
        abort();

    /* Every element is '1' except the last, which holds the key. */
    memset(array, '1', ARRAY_SZ);
    array[ARRAY_SZ - 1] = '2';

    ret = bsearch(&key, array, ARRAY_SZ, sizeof(char), char_compare);
    if (!ret || *ret != key)
        abort();
    return 0;
}
---
gcc -m32 test.c -o a.out
./a.out
most likely will never stop. while the patched bsearch() should.
-ss
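
Added example (not part of the original message and not glibc's code): a model of the search loop with the index held in uint32_t, standing in for a 32-bit size_t, run over a virtual array shaped like the one in test.c, so no 3 GB allocation is needed. The names search, key_vs_element and MAX_STEPS are hypothetical, and the form l + (u - l) / 2 is an assumed reading of "use distance between __u and __l".

```c
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SZ  3100000000U  /* same element count as test.c */
#define MAX_STEPS 64           /* 32 probes suffice for any 32-bit range */

/* Constructed stand-in for char_compare(&key, &array[idx]) on the test.c
 * data: every element is '1' except the last, which equals the key '2'. */
static int key_vs_element(uint32_t idx)
{
    return idx == ARRAY_SZ - 1 ? 0 : 1;
}

/* Model of the search loop. uint32_t plays the role of a 32-bit size_t.
 * Returns the probe count on a hit, -1 if still looping after MAX_STEPS
 * probes, -2 if the range emptied without a hit. */
static int search(int safe_mid, uint32_t *found)
{
    uint32_t l = 0, u = ARRAY_SZ, idx;
    int steps = 0;

    while (l < u) {
        if (steps++ == MAX_STEPS)
            return -1;
        /* The unsafe form wraps modulo 2^32 once l + u >= 2^32. */
        idx = safe_mid ? l + (u - l) / 2 : (l + u) / 2;
        int c = key_vs_element(idx);
        if (c < 0)
            u = idx;
        else if (c > 0)
            l = idx + 1;
        else {
            *found = idx;
            return steps;
        }
    }
    return -2;
}

int main(void)
{
    uint32_t at = 0;
    int n = search(0, &at);

    printf("(l + u) / 2     : %s\n", n == -1 ? "still looping" : "terminated");
    n = search(1, &at);
    printf("l + (u - l) / 2 : index %u after %d probes\n", (unsigned)at, n);
    return 0;
}
```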