Re: [Bug-gnulib] checking for overflow
From: Bruno Haible
Subject: Re: [Bug-gnulib] checking for overflow
Date: Mon, 20 Oct 2003 13:45:26 +0200
User-agent: KMail/1.5
Jim Meyering wrote:
> Did you mean to remove the part of my patch that would make
> vasnprintf fail when doubling the amount of space would
> result in overflow?
Yes, I removed it because your patch didn't address the overflow in
the other places: vasnprintf.c lines 123, 151, 163 etc. Either do the
checking entirely, or don't do it at all.
Now Paul is working on more overflow checks in many places. What I'm
missing here is a general policy.
a) About the technical means: We could use gcc's flag -ftrapv (which
should, starting with gcc-3.4, finally work). Or do we put the
checking into the code, assuming that normal int operations are
modulo 2^32?
b) Which places are considered dangerous? Only those where an overflow
can easily happen when unintended, as in multiplication (xcalloc
and friends)? Or does _any_ addition of a size_t to another size_t
count as overflow opportunity?
Bruno
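As an added example (not code from the gnulib sources or from anyone in this thread), these are the kind of in-code checks that item (a) contrasts with -ftrapv: every comparison happens before the arithmetic, so nothing relies on wraparound, and the buffer-doubling case from Jim's patch is covered alongside the xcalloc-style multiplication and plain size_t addition from item (b). The function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* a * b: the division test rejects the product before it is computed,
   so it works for unsigned types that -ftrapv (signed only) would not
   cover.  Returns false on overflow, otherwise stores the product. */
bool size_mul_ok(size_t a, size_t b, size_t *result)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *result = a * b;
    return true;
}

/* a + b: the "any addition of a size_t to another size_t" case. */
bool size_add_ok(size_t a, size_t b, size_t *result)
{
    if (b > SIZE_MAX - a)
        return false;
    *result = a + b;
    return true;
}

/* len * 2: the single doubling step of a growing buffer. */
bool size_double_ok(size_t len, size_t *result)
{
    if (len > SIZE_MAX / 2)
        return false;
    *result = len * 2;
    return true;
}

/* Double `allocated` until it covers `needed`, failing instead of
   wrapping; this is the growth loop shape the vasnprintf patch
   addressed.  A zero start is bumped to 1 so the loop terminates. */
bool grow_allocation(size_t allocated, size_t needed, size_t *result)
{
    if (allocated == 0)
        allocated = 1;
    while (allocated < needed) {
        if (!size_double_ok(allocated, &allocated))
            return false;   /* caller reports ENOMEM/EOVERFLOW */
    }
    *result = allocated;
    return true;
}
```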