
Re: [PATCH] base32, base64: prefer signed to unsigned integers

From: Paul Eggert
Subject: Re: [PATCH] base32, base64: prefer signed to unsigned integers
Date: Sun, 29 Aug 2021 10:25:54 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

On 8/29/21 3:16 AM, Bruno Haible wrote:

There may be invocations out there, of this
function, with an argument between SIZE_MAX/2 and SIZE_MAX-1. Changing
such calls to be undefined behaviour means that these invocations now
need debugging in the packages that contain them.

Luckily these calls are not present in practical code (as opposed to artificial test cases).

IMO, it would be better to have code like this in base64_encode_alloc:

  if (inlen < 0)
    /* This argument is invalid, since the API change from 2021-08-28.  */
    abort ();

Another possibility would be to treat inlen < 0 the same as integer overflow. I could go either way.
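As an added illustration (not code from the thread or from gnulib), this is the second option above, treating a negative inlen the same as integer overflow: a hypothetical base64_encode_alloc-style encoder over a signed index type that returns -1 with *out = NULL for negative or overflowing lengths instead of aborting. The names idx_t, b64_alloc_size and b64_encode_alloc are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef ptrdiff_t idx_t;   /* hypothetical stand-in for gnulib's idx_t */
static const char b64[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed for the NUL-terminated encoding of INLEN input bytes, or -1
   if INLEN is negative or the result would overflow idx_t.  A negative INLEN
   is treated exactly like overflow (the second option above), not aborted.  */
idx_t
b64_alloc_size (idx_t inlen)
{
  if (inlen < 0)
    return -1;
  idx_t groups = inlen / 3 + (inlen % 3 != 0);   /* ceil (inlen / 3) */
  if (groups > (PTRDIFF_MAX - 1) / 4)
    return -1;
  return 4 * groups + 1;
}

/* Encode IN[0..INLEN) into a malloc'd NUL-terminated string at *OUT.
   Returns its length, or -1 with *OUT = NULL on bad INLEN or no memory.  */
idx_t
b64_encode_alloc (const char *in, idx_t inlen, char **out)
{
  *out = NULL;
  idx_t size = b64_alloc_size (inlen);
  if (size < 0)
    return -1;
  char *p = malloc (size);
  if (!p)
    return -1;
  char *q = p;
  for (idx_t i = 0; i < inlen; i += 3)
    {
      unsigned char a = in[i];
      unsigned char b = i + 1 < inlen ? in[i + 1] : 0;
      unsigned char c = i + 2 < inlen ? in[i + 2] : 0;
      *q++ = b64[a >> 2];
      *q++ = b64[((a & 3) << 4) | (b >> 4)];
      *q++ = i + 1 < inlen ? b64[((b & 15) << 2) | (c >> 6)] : '=';
      *q++ = i + 2 < inlen ? b64[c & 63] : '=';
    }
  *q = '\0';
  *out = p;
  return q - p;
}
```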
