[bug-gnulib] Re: iconvme again
From: Simon Josefsson
Subject: [bug-gnulib] Re: iconvme again
Date: Thu, 24 Feb 2005 07:59:12 +0100
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux)

Paul Eggert <address@hidden> writes:
> Simon Josefsson <address@hidden> writes:
>
>> It was proposed in
>>
>> http://sources.redhat.com/bugzilla/show_bug.cgi?id=756
>>
>> to simplify the overflow check to
>>
>>   if (outbuf_size == 0)
>>     {
>>       errno = ENOMEM;
>>       return NULL;
>>     }
>
> No, that check is incorrect. outbuf_size isn't set to zero when an
> overflow occurs. Unsigned arithmetic wraps around, so outbuf_size
> could be any of a wide variety of values in the size_t range.
>
> For example, suppose MB_LEN_MAX is 16, inbytes_remaining is 2**24, and
> we are on a 32-bit machine. Then
>
> size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
>
> would set inbytes_remaining to 16, not zero.

Yes, but that doesn't cause a buffer overrun, I think, because iconv
will return ENOMEM when this situation occurs, instead of overwriting
the buffer.  Only when outbuf_size==0 will iconv get incorrect input
values.

On the other hand, I think your patch makes things more explicit and
faster, when you think about the problem, even though it is more
complex.

Thanks,
Simon
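
The two ways of checking the size computation discussed in this message, as an added example that is not code from this thread or from gnulib. It assumes MB_LEN_MAX is 16 and models a 32-bit size_t with uint32_t; the function names and input values are constructed for illustration, and size_pre_check is one possible pre-multiplication test, not the patch referred to above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for a 32-bit size_t so results match on any host. */
typedef uint32_t size32_t;
#define MB_MAX 16u /* assumed MB_LEN_MAX, as in the quoted example */

/* Check proposed in the bug report: multiply first, then test for zero. */
static int size_zero_check(size32_t inbytes_remaining, size32_t *outbuf_size)
{
  size32_t n = (size32_t)((inbytes_remaining + 1u) * MB_MAX); /* may wrap */
  if (n == 0) {
    errno = ENOMEM;
    return -1;
  }
  *outbuf_size = n;
  return 0;
}

/* Alternative: reject before multiplying, so no wrapped value is ever used. */
static int size_pre_check(size32_t inbytes_remaining, size32_t *outbuf_size)
{
  if (inbytes_remaining >= UINT32_MAX / MB_MAX) {
    errno = ENOMEM;
    return -1;
  }
  *outbuf_size = (inbytes_remaining + 1u) * MB_MAX;
  return 0;
}

int main(void)
{
  /* Constructed inputs: a normal size, a wrap to exactly 0, a wrap to 16. */
  const size32_t inputs[] = { 1000u, (1u << 28) - 1u, 1u << 28 };
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
    size32_t a = 0, b = 0;
    int ra = size_zero_check(inputs[i], &a);
    int rb = size_pre_check(inputs[i], &b);
    printf("in=%lu zero_check=%d size=%lu pre_check=%d size=%lu\n",
           (unsigned long)inputs[i], ra, (unsigned long)a, rb, (unsigned long)b);
  }
  return 0;
}
```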