This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

From: Alexander Cherepanov <ch3root at openwall dot com>
To: Paul Pluzhnikov <ppluzhnikov at google dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Mon, 26 Oct 2015 20:50:07 +0300
Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
Authentication-results: sourceware.org; auth=none
References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com>

On 2015-10-26 06:49, Paul Pluzhnikov wrote:

Attached patch fixes BZ 19165 by failing fwrite when the byte count is
impossibly large,

I think this goes against the standard. In such cases fwrite should gountil an error. A saturated multiplication, as proposed by Florian, isprobably a good idea.

and by returning actual count from fread, instead of
approximation of it.

Thanks, this should eliminate the main concern (please note though that,after wrapping, bytes_requested and hence bytes_read may be not evenlydivisible by size). But I think this is not enough to be standard-compliant.


--
Alexander Cherepanov

References:
- [patch] Fix BZ 19165 -- overflow in fread / fwrite
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]