This is the mail archive of the
glibc-bugs@sources.redhat.com
mailing list for the glibc project.
[Bug libc/756] missing arithmetic overflow check
- From: "jakub at redhat dot com" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 24 Feb 2005 00:59:23 -0000
- Subject: [Bug libc/756] missing arithmetic overflow check
- References: <20050222195246.756.simon@josefsson.org>
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
------- Additional Comments From jakub at redhat dot com 2005-02-24 00:59 -------
With inbytes_remaining 2**24 outbuf_size will be 0x10000010.
With 2**28 outbuf_size will be 16, sure, but that still doesn't mean the string
can't be converted.
iconv honors whatever outbytes_remaining it is given, so the only problem
is if outbytes_remaining is -1 and outbuf_size is 0, then we allocated less than
we are telling iconv there is available.
The initial outbuf_size computation is in fact just a hint, so the routine
shouldn't fail just because it tried to allocate too large buffer.
The output string might be shortern than input string, or about the same length,
not 16 times longer.
It can do
if (outbuf_size <= inbytes_remaining) outbuf_size = inbytes_remaining + 1;
or something similar and let the ENOMEM only pop up if malloc or realloc
fails. And perhaps if the first malloc fails, but outbuf_size is bigger than
inbytes_remaining + 1, it could retry with outbuf_size = inbutes_remaining + 1.
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=756
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.