This is the mail archive of the
mailing list for the glibc project.
Re: [patch] Fix BZ #18660 -- overflow in getusershell
- From: Tobias Stöckmann <tobias at stoeckmann dot org>
- To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>, Joseph Myers <joseph at codesourcery dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Mon, 17 Aug 2015 17:33:36 +0200 (CEST)
- Subject: Re: [patch] Fix BZ #18660 -- overflow in getusershell
- Authentication-results: sourceware.org; auth=none
- References: <CAPC3xaqdOk4EWQJEiBLidfVxSx1iH5F9k_DTZDamkjQR1xZ3Gw at mail dot gmail dot com> <alpine dot DEB dot 2 dot 10 dot 1508171058110 dot 9234 at digraph dot polyomino dot org dot uk>
- Reply-to: Tobias Stöckmann <tobias at stoeckmann dot org>
> On August 17, 2015 at 12:59 PM Joseph Myers <firstname.lastname@example.org> wrote:
> Since you're increasing an allocation size, don't you also need to adjust
> the check a few lines earlier for whether the allocation size calculation
> would overflow?

    if (statb.st_size > ~(size_t)0 / sizeof (char *) * 3)
    flen = statb.st_size + 3;

The check has to focus on flen's statb.st_size + 3 anyway.
It's larger than statb.st_size / 3.
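
An added example, not part of the original message and not glibc's code: a hypothetical helper, `shell_alloc_sizes`, that computes the two allocation sizes this thread is concerned with and rejects any file size for which either computation would wrap in `size_t`. The struct and function names are assumptions, and the pointer table is assumed to hold `st_size / 3` entries of `sizeof (char *)` bytes, following the terms in the quoted check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type: the two sizes that would be passed to malloc. */
struct shell_sizes {
    size_t flen;        /* bytes for the file contents: st_size + 3 */
    size_t table_bytes; /* bytes for the pointer table (assumed layout) */
};

bool
shell_alloc_sizes(intmax_t st_size, struct shell_sizes *out)
{
    /* st_size is a signed off_t; a negative value must never reach size_t. */
    if (st_size < 0)
        return false;
    /* off_t can be wider than size_t (32-bit with large-file support). */
    if ((uintmax_t) st_size > SIZE_MAX)
        return false;
    size_t size = (size_t) st_size;

    /* flen = size + 3 wraps when size > SIZE_MAX - 3. */
    if (size > SIZE_MAX - 3)
        return false;
    /* entries * sizeof (char *) wraps when entries exceeds this quotient. */
    size_t entries = size / 3;
    if (entries > SIZE_MAX / sizeof (char *))
        return false;

    out->flen = size + 3;
    out->table_bytes = entries * sizeof (char *);
    return true;
}

int
main(void)
{
    /* Constructed sample sizes: empty file, small file, negative, huge. */
    const intmax_t samples[] = { 0, 30, -1, INTMAX_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct shell_sizes s;
        if (shell_alloc_sizes(samples[i], &s))
            printf("%jd: flen=%zu table=%zu\n", samples[i], s.flen, s.table_bytes);
        else
            printf("%jd: rejected\n", samples[i]);
    }
    return 0;
}
```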