This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On Sun, Feb 1, 2015 at 9:09 PM, Rich Felker <dalias@libc.org> wrote:

> Offhand, the multiplication newsize * sizeof (CHAR_T) looks like a
> potential integer overflow. Are you sure it's okay?

Joseph noted that in the BZ entry:

JM> The logic also has a problem that the comparison
JM> UCHAR_MAX + 1 > 2 * wpmax doesn't allow for 2 * wpmax overflowing,
JM> though that would only apply if half the address space gets allocated.

I guess I could fix that while I am at it.

Patch updated. Re-tested.

Thanks,
-- 
Paul Pluzhnikov

2015-02-01  Paul Pluzhnikov  <ppluzhnikov@google.com>

	[BZ #16618]
	* stdio-common/vfscanf.c (ADDW): Correct alloca size check and
	fix heap buffer overflow.
	* stdio-common/tst-sscanf.c: Add test for BZ 16618
Attachment:
pr16618.patch3.txt
Description: Text document
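
The two overflow conditions raised in this message, as an added example in C (not the contents of pr16618.patch3.txt and not glibc code). next_buffer_size and unchecked_bytes are hypothetical helpers, CHAR_T is assumed to be wchar_t, and the growth rule (the larger of UCHAR_MAX + 1 and 2 * wpmax) is an assumption inferred from the quoted comparison.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

typedef wchar_t CHAR_T;  /* assumption: the wide-character build */

/* Hypothetical helper: next buffer size, in elements and in bytes.
   Returns false if 2 * wpmax or newsize * sizeof (CHAR_T) would wrap.  */
bool
next_buffer_size (size_t wpmax, size_t *newsize, size_t *nbytes)
{
  size_t n;

  if (wpmax > SIZE_MAX / 2)             /* 2 * wpmax would overflow */
    return false;
  n = 2 * wpmax;
  if (n < (size_t) UCHAR_MAX + 1)       /* assumed minimum size */
    n = (size_t) UCHAR_MAX + 1;
  if (n > SIZE_MAX / sizeof (CHAR_T))   /* n * sizeof (CHAR_T) would overflow */
    return false;
  *newsize = n;
  *nbytes = n * sizeof (CHAR_T);
  return true;
}

/* The same computation with no checks; size_t arithmetic wraps silently.  */
size_t
unchecked_bytes (size_t wpmax)
{
  size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax) ? UCHAR_MAX + 1 : 2 * wpmax;
  return newsize * sizeof (CHAR_T);
}

int
main (void)
{
  size_t n, bytes, huge = SIZE_MAX / 2 + 1;   /* constructed input */

  printf ("checked:   %s\n",
          next_buffer_size (huge, &n, &bytes) ? "ok" : "rejected");
  printf ("unchecked: %zu bytes\n", unchecked_bytes (huge));
  return 0;
}
```

With wpmax just past half of SIZE_MAX, the unchecked doubling wraps to zero and the computed allocation falls back to the minimum size, which is the case Joseph's comment describes.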