This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Ping Re: Fix strtod integer/buffer overflow (bug 14459)
On 8/27/2012 12:55 PM, Joseph S. Myers wrote:
> Carlos, is this 2.16 backport OK? Tested x86_64 and x86.
>
> diff --git a/ChangeLog b/ChangeLog
> index c64f0ac..ac7f88c 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,20 @@
> +2012-08-27 Joseph Myers <joseph@codesourcery.com>
> +
> + [BZ #14459]
> + * stdlib/strtod_l.c: Include <stdint.h>.
> + (NDEBUG): Do not define.
> + (round_and_return): Change EXPONENT parameter to type intmax_t.
> + Rearrange calculations to avoid internal overflow possibilities.
> + (str_to_mpn): Change EXPONENT parameter to type intmax_t *.
> + Rearrange calculations to avoid internal overflow possibilities.
> + Assert that number fits inside MPNSIZE limbs.
> + (____STRTOF_INTERNAL): Change EXPONENT variable to type intmax_t.
> + Change DIG_NO, INT_NO and LEAD_ZERO to type size_t. Rearrange
> + calculations and add assertions to avoid internal overflow
> + possibilities. Add casts to avoid signed/unsigned operations.
> + * stdlib/tst-strtod-overflow.c: New file.
> + * stdlib/Makefile (tests): Add tst-strtod-overflow.
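Review bot: The "(NDEBUG): Do not define." line of this ChangeLog entry does not say what the change means at run time: with NDEBUG no longer defined, the assertions listed for str_to_mpn ("Assert that number fits inside MPNSIZE limbs") and ____STRTOF_INTERNAL are compiled into every build, and a failed assert() calls abort(), so the calling process terminates rather than the conversion reporting an error. Suggest the entry, or a comment in stdlib/strtod_l.c, say which assertions cover conditions the rearranged calculations are meant to make unreachable and which could still be reached from the input string, so a reader can tell an internal consistency check from an input-validation path.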
This patch adds a dozen new asserts to the various code paths.
Could you explain in some detail why the asserts are needed as
opposed to diagnosing a condition and returning an error?
I know that this question applies equally to trunk, but this
is the first chance I've had to review the code.
Cheers,
Carlos.
--
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026