|
| From: | Paul Eggert |
| Subject: | Re: [PATCH] base32, base64: prefer signed to unsigned integers |
| Date: | Sun, 29 Aug 2021 10:25:54 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
On 8/29/21 3:16 AM, Bruno Haible wrote:
There may be invocations out there, of this function, with an argument between SIZE_MAX/2 and SIZE_MAX-1. Changing such calls to be undefined behaviour means that these invocations now need debugging in the packages that contain them.
Luckily these calls are not present in practical code (as opposed to artificial test cases).
IMO, it would be better to have code like this in base64_encode_alloc:
if (inlen < 0)
/* This argument is invalid, since the API change from 2021-08-28. */
abort ();
Another possibility would be to treat inlen < 0 the same as integer overflow. I could go either way.
| [Prev in Thread] | Current Thread | [Next in Thread] |