bug-gnulib

Re: [Bug-gnulib] vasprintf proposed fix for int overflow check


From: Bruno Haible
Subject: Re: [Bug-gnulib] vasprintf proposed fix for int overflow check
Date: Fri, 31 Oct 2003 12:40:31 +0100
User-agent: KMail/1.5

Paul Eggert wrote:
> The gnulib buffer-overrun
> fixes alone are already taking more free time than I have.

Please continue with these fixes. I've recently exploited an 'int'
overflow in a Java class in order to get some different GUI behaviour than
what was intended by the programmers; now I can estimate what one can "do"
with malicious overflow...

> Can't we at least have the code work on non-glibc platforms in the
> meantime?

The fix against the size_t -> int conversion overflow is committed. What
we don't agree upon is whether asprintf() and vasprintf() should set errno
in case of failure; this is a different issue.

> I'd rather not have the glibc problems inhibit progress elsewhere.

The kind of progress that we are seeking on the latter issue is to
standardize that asprintf() and vasprintf() set errno. You can bypass
glibc on this issue only if you go directly to the Austin group.

Bruno




