This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] stdlib-bsearch: middle element calculation may overflow
- From: Sergey Senozhatsky <sergey dot senozhatsky at gmail dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: Sergey Senozhatsky <sergey dot senozhatsky dot work at gmail dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>, Sergey Senozhatsky <sergey dot senozhatsky at gmail dot com>
- Date: Fri, 17 Mar 2017 00:49:08 +0900
- Subject: Re: [PATCH] stdlib-bsearch: middle element calculation may overflow
- Authentication-results: sourceware.org; auth=none
- References: <20170316052615.7662-1-sergey.senozhatsky@gmail.com> <alpine.DEB.2.20.1703161401150.3566@digraph.polyomino.org.uk>
Hi,
On (03/16/17 14:02), Joseph Myers wrote:
> If this fixes a user-visible bug then the ChangeLog entry needs to include
> [BZ #N] referencing the bug filed in Bugzilla (and once the fix is in the
> bug needs to be resolved as FIXED with appropriate target milestone set).
> Is this bug 2753? If not, a new bug would need to be filed for it.
a) um... I assume glibc Bugzilla is located at https://sourceware.org/bugzilla/
and 2753, thus, is https://sourceware.org/bugzilla/show_bug.cgi?id=2753
If so, then yes, looks like I'm not the first one to point that out.
I'm not sure I see Ulrich's "You do not even understand how binary
searching works, do you? The sum can never exceed nmemb and nmemb
obviously fits into an size_t" point. It's a bug.

b) I guess I got the ChangeLog file format mostly right. Well, not
entirely sure (does it have to be so complicated? :) )

c) I don't think I see what the "target milestone" is even supposed
to mean. Sorry! glibc version? Min glibc version that requires a
backport of this fix (if there are -stable/LTS glibc releases)? etc.
etc. etc.
---8<---8<----
From f4cbb4449cc8605ea5b223f2537b82224c8685e9 Mon Sep 17 00:00:00 2001
From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Date: Fri, 17 Mar 2017 00:31:44 +0900
Subject: [PATCH] stdlib-bsearch: middle element calculation may overflow
Middle element calculation may overflow at '__l + __u' when
__l and __u are large enough. Use distance between __u and
__l instead.
[BZ #2753]
* bits/stdlib-bsearch.h: Fix integer overflow.
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
---
ChangeLog | 5 +++++
bits/stdlib-bsearch.h | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e0acd7d0c4..7142794922 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-17 Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+
+ [BZ #2753]
+ * bits/stdlib-bsearch.h: Fix integer overflow.
+
2017-03-10 Stefan Liebler <stli@linux.vnet.ibm.com>
* math/auto-libm-test-out-catan: Regenerated.
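Review bot: the new entry `* bits/stdlib-bsearch.h: Fix integer overflow.` names the file but not the function that changes. The header of the other hunk shows the edit is inside `bsearch`, so the entry could read `* bits/stdlib-bsearch.h (bsearch): Avoid overflow when computing the middle index.`, which also says which overflow is meant.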
diff --git a/bits/stdlib-bsearch.h b/bits/stdlib-bsearch.h
index eb145381fd..5fd8a8b607 100644
--- a/bits/stdlib-bsearch.h
+++ b/bits/stdlib-bsearch.h
@@ -28,7 +28,7 @@ bsearch (const void *__key, const void *__base, size_t __nmemb, size_t __size,
__u = __nmemb;
while (__l < __u)
{
- __idx = (__l + __u) / 2;
+ __idx = __l + (__u - __l) / 2;
__p = (void *) (((const char *) __base) + (__idx * __size));
__comparison = (*__compar) (__key, __p);
if (__comparison < 0)
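Review bot: the new midpoint `__idx = __l + (__u - __l) / 2;` is safe only because the loop condition `__l < __u` keeps `__u - __l` from wrapping, and nothing in the code or the commit message states when the old `(__l + __u) / 2` could wrap. Since `__u` starts at `__nmemb` and `__l < __u`, the sum can exceed the range of `size_t` only when `__nmemb` is greater than SIZE_MAX / 2; a one-line comment saying so, and the same bound in the commit message in place of "large enough", would settle the question raised in the bug. No test accompanies the change.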
--
2.12.0
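The failure mode behind the patch, as an added example that is not part of the original message or of glibc: a loop shaped like the one in `bits/stdlib-bsearch.h` runs over a virtual sorted array (element `i` has value `i`), so `nmemb` can reach `SIZE_MAX` without allocating memory. The names `search`, `mid_before`, `mid_after`, `enum result` and the step guard are assumptions of this example; only the two midpoint expressions come from the patch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not glibc identifiers.  */
enum result { FOUND, NOT_FOUND, DIVERGED };
typedef size_t (*mid_fn) (size_t l, size_t u);

static size_t mid_before (size_t l, size_t u) { return (l + u) / 2; }
static size_t mid_after (size_t l, size_t u) { return l + (u - l) / 2; }

/* Binary search over the virtual array; the comparison is key vs. index.  */
static enum result
search (size_t key, size_t nmemb, mid_fn mid, size_t *idx_out)
{
  size_t l = 0, u = nmemb;
  /* A halving search needs at most one step per bit of size_t.  */
  unsigned int steps = 0, max_steps = CHAR_BIT * sizeof (size_t) + 1;

  while (l < u)
    {
      if (++steps > max_steps)
        return DIVERGED;	/* Without this guard the loop never ends.  */
      size_t idx = mid (l, u);
      if (key < idx)
        u = idx;
      else if (key > idx)
        l = idx + 1;
      else
        {
          *idx_out = idx;
          return FOUND;
        }
    }
  return NOT_FOUND;
}

int
main (void)
{
  size_t idx = 0;
  /* Once l passes SIZE_MAX / 2, l + u wraps and the midpoint lands below l.  */
  enum result before = search (SIZE_MAX - 1, SIZE_MAX, mid_before, &idx);
  enum result after = search (SIZE_MAX - 1, SIZE_MAX, mid_after, &idx);
  printf ("before=%d after=%d idx=%zu\n", (int) before, (int) after, idx);
  return 0;
}
```

With the old midpoint the wrapped index keeps falling until it reaches 0 and `l` sticks at 1, so the search never terminates; a key in the lower half of the same array is still found, because `u` shrinks before any sum wraps.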