Re: [Bug-gnulib] vasprintf proposed fix for int overflow check
From: Bruno Haible
Subject: Re: [Bug-gnulib] vasprintf proposed fix for int overflow check
Date: Thu, 30 Oct 2003 15:08:45 +0100
User-agent: KMail/1.5

> 2003-10-29 Paul Eggert <address@hidden>
>
> * vasprintf.c: Include <errno.h>, <limits.h>, <stdlib.h>.
> (vasprintf) [defined EOVERFLOW]: If the resulting length
> exceeds INT_MAX, report an EOVERFLOW error.

Well spotted (although highly theoretical if you don't have a machine
with lots of RAM ;-)).

Since asprintf() and vasprintf() are not specified to set errno in case
of failure - neither in our vasprintf.h nor in glibc's documentation -
you don't need to care about EOVERFLOW. I've thus committed this patch.

2003-10-30  Paul Eggert  <address@hidden>
            Bruno Haible  <address@hidden>

        * vasprintf.c: Include <limits.h>, <stdlib.h>.
        (vasprintf): Fail if the resulting length doesn't fit in an 'int'.

diff -c -3 -r1.2 vasprintf.c
*** vasprintf.c 14 Jul 2003 22:44:04 -0000 1.2
--- vasprintf.c 30 Oct 2003 14:05:15 -0000
***************
*** 1,5 ****
/* Formatted output to strings.
! Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
--- 1,5 ----
/* Formatted output to strings.
! Copyright (C) 1999, 2002-2003 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
***************
*** 22,27 ****
--- 22,30 ----
/* Specification. */
#include "vasprintf.h"
+ #include <limits.h>
+ #include <stdlib.h>
+
#include "vasnprintf.h"
int
***************
*** 31,36 ****
--- 34,47 ----
char *result = vasnprintf (NULL, &length, format, args);
if (result == NULL)
return -1;
+ if (length > INT_MAX)
+ {
+ /* We could produce such a big string, but can't return its length
+ as an 'int'. */
+ free (result);
+ return -1;
+ }
+
*resultp = result;
/* Return the number of resulting bytes, excluding the trailing NUL. */
return length;
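
Review bot: the new `if (length > INT_MAX)` branch returns -1 exactly like the `result == NULL` path just above it, so a caller cannot tell "result too long for an 'int'" from a vasnprintf failure. With errno deliberately left alone, the function's specification in vasprintf.h should say that -1 also covers this case. The branch frees `result` and returns before `*resultp = result;` is reached, so `*resultp` is left unassigned on both failure paths; the specification should also state that callers must not read or free `*resultp` after a -1 return.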