Re: oops? read/write vs type of length parameter

From: Eli Zaretskii
Subject: Re: oops? read/write vs type of length parameter
Date: Wed, 13 Apr 2011 02:49:00 -0400

> Date: Tue, 12 Apr 2011 22:14:48 -0700
> From: Paul Eggert <address@hidden>
> CC: address@hidden, address@hidden
> And Eli, this avoids the problem where the size is so large that a
> signed return value would overflow and become negative.

The concern was not only about that.  It was also about a mistaken
call to emacs_write with a negative value in the last argument.  Using
size_t there will cause that negative value to appear as a large
positive value within emacs_write, and will potentially crash Emacs
because the call to write will try to reference memory outside of the
Emacs address space.

That danger still exists with your proposed version of emacs_write,
AFAICS.  At the very least, we should have at the beginning of
emacs_write something like this:

  if ((ssize_t) nbyte < 0)
    return nbyte;

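The failure mode discussed in this message, as an added example that is not part of the original thread and is not Emacs code: a negative length reaching a size_t parameter, and a guard of the kind suggested stopping it before write(2) is called. The names seen_by_callee and guarded_write, the /dev/null target, and the choice to return -1 with EINVAL are assumptions made for the sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* What a size_t parameter holds when the caller passed a signed length. */
size_t seen_by_callee(long len) { return (size_t) len; }

/* Hypothetical wrapper (not Emacs code): a "write it all" loop around
   write(2), with the guard from the message placed first. */
ssize_t guarded_write(int fd, const char *buf, size_t nbyte)
{
    if ((ssize_t) nbyte < 0) {   /* top bit set: negative or absurdly large */
        errno = EINVAL;          /* assumption: report it as a plain error */
        return -1;
    }
    size_t done = 0;
    while (done < nbyte) {
        ssize_t n = write(fd, buf + done, nbyte - done);
        if (n < 0) {
            if (errno == EINTR)  /* interrupted before writing: retry */
                continue;
            return -1;
        }
        done += (size_t) n;
    }
    return (ssize_t) done;
}

int main(void)
{
    const char msg[] = "hello";  /* constructed sample data */
    long len = 3 - 8;            /* constructed miscalculated length: -5 */
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0)
        return 1;
    /* The cast below is what the compiler does silently at such a call. */
    printf("callee sees %zu bytes\n", seen_by_callee(len));
    printf("bad call  -> %zd\n", guarded_write(fd, msg, (size_t) len));
    printf("good call -> %zd\n", guarded_write(fd, msg, sizeof msg - 1));
    close(fd);
    return 0;
}
```

Without the guard, the first call would hand write(2) a length close to SIZE_MAX for a six-byte buffer.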