This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Dynamic growable arrays for internal use

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Florian Weimer <fweimer at redhat dot com>, Joseph Myers <joseph at codesourcery dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 5 May 2017 15:31:44 -0700
Subject: Re: [PATCH] Dynamic growable arrays for internal use
Authentication-results: sourceware.org; auth=none
References: <edae68d6-998b-58a6-a8df-82703341da23@redhat.com> <alpine.DEB.2.20.1704241401140.28943@digraph.polyomino.org.uk> <373c24b0-4d73-cf0a-b264-8a958aff6f2b@redhat.com> <75225ee3-2ae6-7a19-07be-e33818a43ac5@cs.ucla.edu> <2c8be504-90ad-6178-6698-fe61308af98c@redhat.com>

On 05/05/2017 08:23 AM, Florian Weimer wrote:

You just have to be careful with pointer differences.


Not just with pointer differences, but also in index and size calculations.

Although the problem is in the calling code not in the module itself, itis a common problem, and unfortunately it can lead to serious issuesthat are not easily detected because unsigned arithmetic is well-definedto wrap around. In practice, just saying "callers must be careful" isnot good enough.

As no realistic user of this module should need to allocate objectscontaining more than PTRDIFF_MAX bytes, it is a reasonable engineeringdecision for it to reject such objects in the interest of overall glibcreliability.

References:
- Re: [PATCH] Dynamic growable arrays for internal use
  - From: Florian Weimer
- Re: [PATCH] Dynamic growable arrays for internal use
  - From: Paul Eggert
- Re: [PATCH] Dynamic growable arrays for internal use
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]