This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Mon, 26 Oct 2015 08:59:10 +0100
- Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com>
On 10/26/2015 04:49 AM, Paul Pluzhnikov wrote:
> diff --git a/libio/iofread.c b/libio/iofread.c
> index eb69b05..a8ea391 100644
> --- a/libio/iofread.c
> +++ b/libio/iofread.c
> @@ -37,7 +37,7 @@ _IO_fread (void *buf, _IO_size_t size, _IO_size_t count, _IO_FILE *fp)
> _IO_acquire_lock (fp);
> bytes_read = _IO_sgetn (fp, (char *) buf, bytes_requested);
> _IO_release_lock (fp);
> - return bytes_requested == bytes_read ? count : bytes_read / size;
> + return bytes_read / size;
> }
> libc_hidden_def (_IO_fread)
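Review bot: the context line `bytes_read = _IO_sgetn (fp, (char *) buf, bytes_requested);` still passes bytes_requested unchanged, so the new `return bytes_read / size;` corrects only the reported item count. If bytes_requested can be a wrapped product of size and count (its computation is not shown in this hunk), the call silently performs a short read and the caller cannot tell that from EOF or an error. Either reject the overflowing request before the lock is taken, or add a comment above the return stating that a wrapped request is deliberately served as a short read and that size is known to be non-zero at the division.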
I think this needs a comment why it is acceptable not to check for
overflow here.
> + if (count > SIZE_MAX / size)
> + {
> + __set_errno(EOVERFLOW);
> + return 0;
> + }
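Review bot: `SIZE_MAX / size` in the added condition divides by zero when size is 0, and the lines shown here contain no guard for that case. Test `size != 0` first in the same condition, or place the check after an early return for zero-sized requests, and say so in a comment. As a style point, `__set_errno(EOVERFLOW);` is missing the space before the parenthesis that the rest of the patch uses, as in `_IO_acquire_lock (fp);`.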
Can you avoid the division? Maybe it makes sense to add a separate
abstraction for this (a saturated multiplication function). It could
use the built-in function with GCC 5.
Florian
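
One way the saturated multiplication suggested in the review above could look, as an added example that is not code from the patch or from glibc. The names `sat_mul_size` and `checked_request` are hypothetical; the fallback branch only divides when an operand is large enough that overflow is possible.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not a glibc function): store a * b in *result,
   saturating to SIZE_MAX.  Returns 1 if the product overflowed.  */
static int
sat_mul_size (size_t a, size_t b, size_t *result)
{
#if defined __GNUC__ && __GNUC__ >= 5
  /* GCC 5 and later: the built-in reports overflow without dividing.  */
  if (__builtin_mul_overflow (a, b, result))
    {
      *result = SIZE_MAX;
      return 1;
    }
  return 0;
#else
  /* If both operands fit in half the bits of size_t the product cannot
     overflow, so the division runs only for unusually large operands.  */
  const size_t half = (size_t) 1 << (sizeof (size_t) * 4);
  if ((a >= half || b >= half) && a != 0 && b > SIZE_MAX / a)
    {
      *result = SIZE_MAX;
      return 1;
    }
  *result = a * b;
  return 0;
#endif
}

/* Hypothetical caller modelled on the check in the quoted patch: returns
   the byte count, or 0 with errno set to EOVERFLOW.  size == 0 is safe
   here because the helper never divides by an unchecked operand.  */
static size_t
checked_request (size_t size, size_t count)
{
  size_t bytes;
  if (sat_mul_size (size, count, &bytes))
    {
      errno = EOVERFLOW;
      return 0;
    }
  return bytes;
}

int
main (void)
{
  printf ("%zu %zu\n", checked_request (8, 16), checked_request (SIZE_MAX, 2));
  return 0;
}
```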