This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/2753] Integer overflow in bsearch


https://sourceware.org/bugzilla/show_bug.cgi?id=2753

Ondrej Bilka <neleai at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |neleai at seznam dot cz

--- Comment #6 from Ondrej Bilka <neleai at seznam dot cz> ---
> The bug could be fixed by replacing '__idx = (__l + __u) / 2' with '__idx = __l + (__u - __l)/2' in bits/stdlib-bsearch.h. I don't see a good reason not to.

A good reason is that it causes a performance penalty. To trigger overflow you
need to fill more than half of address space with bytes. As it needs to be
sorted one could just simulate it by an array with 256 indexes where that number
starts. Anyone who triggers that scenario should be fired for incompetence.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
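As an added illustration (not code from the bug report or from glibc), here is a bsearch loop in the shape of bits/stdlib-bsearch.h but with an 8-bit index type, so the midpoint wrap the report describes shows up on a constructed 200-element array rather than on half the address space. The explicit truncation to idx_t is an assumption of the demo: it mimics size_t arithmetic, which does not promote to int the way uint8_t does.

```c
#include <stdint.h>
#include <stdio.h>

/* Index type standing in for size_t. With an 8-bit index, l + u wraps as
   soon as it exceeds 255, which a 200-element array reaches easily. */
typedef uint8_t idx_t;
#define NMEMB 200
#define PROBE_LIMIT 64 /* a correct search of 200 elements needs <= 9 probes */

/* Returns the index of key in a[0..n) or -1.  'fixed' selects the midpoint:
   0 -> (l + u) / 2   as in the original bits/stdlib-bsearch.h,
   1 -> l + (u - l)/2 as proposed in the bug.  *probes counts comparisons.
   The casts to idx_t undo C's promotion of uint8_t to int, so the sum
   wraps exactly as a size_t sum would on a real half-address-space array. */
long bsearch_u8(const uint8_t *a, idx_t n, uint8_t key, int fixed, int *probes)
{
    idx_t l = 0, u = n, idx;
    *probes = 0;
    while (l < u) {
        if (++*probes > PROBE_LIMIT)
            return -1;                        /* not converging: give up */
        if (fixed)
            idx = (idx_t)(l + (idx_t)(u - l) / 2);
        else
            idx = (idx_t)((idx_t)(l + u) / 2); /* wraps once l + u > 255 */
        if (key < a[idx])
            u = idx;
        else if (key > a[idx])
            l = (idx_t)(idx + 1);             /* a wrapped idx moves l backwards */
        else
            return idx;
    }
    return -1;
}

/* Constructed input: a[i] == i, i.e. a sorted array of 200 bytes. */
int demo(uint8_t key, int fixed, int *probes)
{
    uint8_t a[NMEMB];
    for (int i = 0; i < NMEMB; i++)
        a[i] = (uint8_t)i;
    return (int)bsearch_u8(a, NMEMB, key, fixed, probes);
}

int main(void)
{
    int probes, r;
    r = demo(199, 0, &probes);
    printf("(l+u)/2   : key 199 -> %d after %d probes\n", r, probes);
    r = demo(199, 1, &probes);
    printf("l+(u-l)/2 : key 199 -> %d after %d probes\n", r, probes);
    return 0;
}
```

With the original midpoint the search for key 199 oscillates between l = 31 and l = 116 and never terminates (the probe limit stops it), while keys in the lower part of the array, such as 110, are still found; the proposed midpoint finds 199 in 7 probes.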

