[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] gnulib README patch for size_t addition overflow

From: Bruno Haible
Subject: Re: [Bug-gnulib] gnulib README patch for size_t addition overflow
Date: Tue, 18 Nov 2003 12:43:04 +0100
User-agent: KMail/1.5

Paul Eggert wrote:
> + * If an existing object has size S, and if T is sufficiently small
> +   (e.g., 8 KiB), then S + T cannot overflow.  Overflow in this case
> +   would mean that the rest of your program fits into T bytes, which
> +   can't happen in realistic flat-address-space hosts.

A specialization of this statement (with S = SIZE_MAX and T = 1) is that
malloc (SIZE_MAX) is guaranteed to fail. But on 2003-11-01 you said:

> it assumes that malloc (SIZE_MAX) always fails, which is probably a
> portable assumption but is a bit worrisome nonetheless.

So is it worrisome or not? Do we need the 'size_overflow_p' checks before
malloc() or not?

For my part, I don't want to redo the size_t checking patches to linebreak.c,
vasnprintf.c, etc. the day we notice that malloc (SIZE_MAX) unexpectedly
succeeds on platform XYZ. I make the patches bullet-proof. 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]