This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 2/2 v1.1][BZ #14547] Fix CVE-2012-4412
- From: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>
- To: Ondřej Bílka <neleai at seznam dot cz>
- Cc: Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Schwab <schwab at suse dot de>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sat, 24 Aug 2013 18:40:18 +0530
- Subject: Re: [PATCH 2/2 v1.1][BZ #14547] Fix CVE-2012-4412
- References: <20130630164500 dot GF2654 at spoyarek dot pnq dot redhat dot com> <mvmehagsfhm dot fsf at hawking dot suse dot de> <20130821151403 dot GB15273 at spoyarek dot pnq dot redhat dot com> <20130821160808 dot GA4369 at domone dot kolej dot mff dot cuni dot cz> <CAAHN_R2UwiuNAXyqv7QvZzkbfy7vqAMn1EQ-ka82OFUogChVvQ at mail dot gmail dot com> <20130824062248 dot GA16906 at domone dot kolej dot mff dot cuni dot cz>
On 24 August 2013 11:52, OndÅej BÃlka <neleai@seznam.cz> wrote:
>> It eliminates nesting and makes code easier to read. Not all goto is evil.
>>
> Not all but this is. If you do not want nesting use following:
Since you're not going to give a valid reason for your belief, I'm
just going to state that I like my goto approach better because it
looks less silly to me compared to a blank if block. I'll just wait
for another opinion on this because I don't want to waste time
bikeshedding.
Siddhesh
> diff --git a/string/strcoll_l.c b/string/strcoll_l.c
> index eb042ff..f76c30a 100644
> --- a/string/strcoll_l.c
> +++ b/string/strcoll_l.c
> @@ -523,8 +523,13 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l)
>
> memset (&seq1, 0, sizeof (seq1));
> seq2 = seq1;
> -
> - if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
> + if (MIN (s1len, s2len) > size_max
> + || MAX (s1len, s2len) > size_max - MIN (s1len, s2len))
> + {
> + /* If the strings are long enough to cause overflow in the size request, then
> + skip the allocation and proceed with the non-cached routines. */
> + }
> + else if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
> {
> seq1.idxarr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1));
>
--
http://siddhesh.in