[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] checking for overflow

From: Jim Meyering
Subject: Re: [Bug-gnulib] checking for overflow
Date: Mon, 20 Oct 2003 17:22:54 +0200

address@hidden (Karl Berry) wrote:
>     Now Paul is working on more overflow checks in many places.
> Is this really worth it?  Won't there be hundreds or thousands?
> The complexity of our code is growing by leaps and bounds.

IMHO it is worth it.
Pretty many parts of GNU tools already check for overflow, though there
are still many places where allocating 2-4GB will cause unnecessary
failure.  It's not necessary to make the code much more complex.
With the new xnmalloc and xnrealloc functions, it's easy to encapsulate
such checks -- at least when they relate to allocating memory.

Of course, fixing them all is a daunting task.
However, some of them really are important and exploitable.
You may have seen the one regarding a recently-fixed bug in `ls -C -w N'.
For some large values of N, ls would hit an address overflow
bug and segfault.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]