[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-gnulib] Re: iconvme again

From: Simon Josefsson
Subject: [bug-gnulib] Re: iconvme again
Date: Thu, 24 Feb 2005 07:59:12 +0100
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux)

Paul Eggert <address@hidden> writes:

> Simon Josefsson <address@hidden> writes:
>> It was proposed in
>> http://sources.redhat.com/bugzilla/show_bug.cgi?id=756
>> to simplify the overflow check to
>> if (outbuf_size == 0)
>>   {
>>     errno = ENOMEM;
>>     return NULL;
>>   }
> No, that check is incorrect.  outbuf_size isn't set to zero when an
> overflow occurs.  Unsigned arithmetic wraps around, so outbuf_size
> could be any of a wide variety of values in the size_t range.
> For example, suppose MB_LEN_MAX is 16, inbytes_remaining is 2**24, and
> we are on a 32-bit machine.  Then
>   size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
> would set inbytes_remaining to 16, not zero.

Yes, but that doesn't cause a buffer overrun, I think, because iconv
will return ENOMEM when this situation occur, instead of overwriting
the buffer.  Only when outbuf_size==0 will iconv get incorrect input

On the other hand, I think your patch make things more explicit and
faster, when you think about the problem, even though it is more


reply via email to

[Prev in Thread] Current Thread [Next in Thread]