[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#7357: csplit: memory exhausted when using stdout / pipe instead of a

From: Eric Blake
Subject: bug#7357: csplit: memory exhausted when using stdout / pipe instead of a file
Date: Wed, 10 Nov 2010 11:49:58 -0700
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101103 Fedora/1.0-0.33.b2pre.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.6

On 11/10/2010 11:40 AM, Paul Eggert wrote:
>> +  unsigned int max_digit_string_len
>> +    = (suffix
>> +       ? max_out (suffix)
>> +       : MAX (INT_STRLEN_BOUND (unsigned int), digits));
> That should be size_t, not unsigned int, since max_out
> returns a size_t, and it could return a value greater than
> UINT_MAX.  For example, the user might run "csplit -b %4294967296d"
> and on a 64-bit host max_out will return UINTMAX + 1.
> While we're on the subject of undefined printf behavior, perhaps
> we should be rejecting any attempt to use a printf format like
> %4294967296d that uses a width or precision greater than INT_MAX?
> POSIX seems to say that such a format should work, but I'll bet
> nobody does it right (glibc doesn't).

Actually, the next version of POSIX will require EOVERFLOW if printf is
directed to print more than INT_MAX bytes:


>  For safety we might want
> to be truncating large widths or precisions to INT_MAX, or
> rejecting them.

There's also the matter that %*d can only go up to INT_MAX bytes; it
would make sense to reject larger widths if we cannot safely rewrite a
user's %nnnd,value into %*d,nnn,value.

Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]