bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] xalloc.h proposed fix to detect potential ptrdiff_t ove


From: Paul Eggert
Subject: Re: [Bug-gnulib] xalloc.h proposed fix to detect potential ptrdiff_t overflow
Date: 24 Nov 2003 14:46:07 -0800
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

Bruno Haible <address@hidden> writes:

> > We don't have time to scan all of gnulib,
> > coreutils, tar, diffutils, etc., looking for all instances of pointer
> > subtraction to see whether there's a problem.
> 
> A gcc warning would help here, right? (I'm serious. Since we have a flaw
> in the C language, the right place to help working around it is GCC.)

Yes, it would help if you really wanted to stamp out all uses of
pointer subtraction.  However I prefer the other approach, where the
programs are written so that pointer subtraction cannot possibly
overflow.

Changing the subject a bit, you mentioned a few messages ago that the
problem can occur only when allocating arrays of objects each of size
1.  Unfortunately this is not true in general, as larger objects can
contain smaller components, and C defines pointer subtraction for
pointers to such components (until ptrdiff_t overflow occurs, that
is).  E.g.:

// For purposes of this example, assume a typical 32-bit host where
// sizeof (struct s) == 8, SIZE_MAX == 2**32 - 1, PTRDIFF_MAX == 2**31 - 1.
struct s { char c[4]; int i; };
size_t n = 1 << 28;
struct s *p = malloc (n * sizeof *p); // This allocates a 2 GiB array.
if (p)
  {
    struct s *q = p + n;
    // No overflow has occurred yet.
    if (p->c - q->c < 0)
      overflow (); // This code is reachable.
  }




reply via email to

[Prev in Thread] Current Thread [Next in Thread]