[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnulib] gnulib README patch for size_t addition overflow
|
From: |
Paul Eggert |
|
Subject: |
Re: [Bug-gnulib] gnulib README patch for size_t addition overflow |
|
Date: |
18 Nov 2003 12:26:44 -0800 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 |
address@hidden (Karl Berry) writes:
> How about just making xmalloc reject SIZE_MAX? That is what everyone
> already uses.
xmalloc already rejects SIZE_MAX, but we're talking about code that
does not use xmalloc for one reason or another.
Three things.
First, it sounds like xmalloc should also reject PTRDIFF_MAX, to avoid
undefined behavior when programs subtract pointers into the resulting
arrays. This would be simpler than worrying adding more
overflow-checking in all of xmalloc's callers that use pointer
subtraction. I'll propose a patch along these lines shortly.
Second, some gnulib modules should invoke xmalloc instead of malloc,
since the callers always do the equivalent of xalloc_die if the
modules' functions fail. This would improve the quality of checking
for these modules too. These modules include backupfile, modechange,
and path-concat. I've drafted patches for these but haven't had time
to test them and check them in yet.
Third, even after the above fixes, there will be some code that
doesn't use xmalloc for whatever reason, and somebody needs to examine
it to make sure that it doesn't have ptrdiff_t overflow problems.
(Before doing that, though, I'd like to have consensus that ptrdiff_t
is the right type here, not size_t.)