bug-gnulib

Re: [bug-gnulib] Re: iconvme again


From: Stepan Kasal
Subject: Re: [bug-gnulib] Re: iconvme again
Date: Thu, 24 Feb 2005 09:00:22 +0100
User-agent: Mutt/1.4.1i

Hi,

On Thu, Feb 24, 2005 at 07:59:12AM +0100, Simon Josefsson wrote:
> Paul Eggert <address@hidden> writes:
> > For example, suppose MB_LEN_MAX is 16, inbytes_remaining is 2**24, and
> > we are on a 32-bit machine.  Then
> >
> >   size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
> >
> > would set inbytes_remaining to 16, not zero.
> 
> Yes, but that doesn't cause a buffer overrun, I think, because iconv
> will return ENOMEM when this situation occurs, instead of overwriting
> the buffer.  Only when outbuf_size==0 will iconv get incorrect input
> values.

Yes, this is true.

> On the other hand, I think your patch makes things more explicit and
> faster, when you think about the problem, even though it is more
> complex.

Let me repeat what Jakub said in the bugzilla: even in the case of
arithmetic overflow, we should try to perform conversion.
So if (SIZE_MAX / MB_LEN_MAX <= inbytes_remaining) or if the first
malloc fails, we should set
        outbuf_size = inbytes_remaining + 1;
and try again.

Stepan
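
The sizing rule proposed in this message, as an added example that is not code from the thread or from gnulib: check for wrap-around before multiplying, and fall back to inbytes_remaining + 1 when the product would overflow or the first allocation fails. The names full_outbuf_size, alloc_outbuf, alloc_fn and small_alloc are hypothetical; the allocator is injectable only so the failure path can be exercised.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);  /* injectable allocator (assumption for the demo) */

/* Constructed allocator: refuses anything above 1 MiB to simulate malloc failure. */
static void *small_alloc(size_t n)
{
    return n > ((size_t)1 << 20) ? NULL : malloc(n);
}

/* Preferred size (inbytes_remaining + 1) * mb_len_max, or 0 if it would wrap.
   mb_len_max must be >= 1, as MB_LEN_MAX always is. */
static size_t full_outbuf_size(size_t inbytes_remaining, size_t mb_len_max)
{
    if (SIZE_MAX / mb_len_max <= inbytes_remaining)
        return 0;
    return (inbytes_remaining + 1) * mb_len_max;
}

/* Allocate the output buffer; on overflow or a failed first allocation,
   retry with inbytes_remaining + 1. Stores the size actually obtained. */
static char *alloc_outbuf(size_t inbytes_remaining, size_t mb_len_max,
                          alloc_fn alloc, size_t *outbuf_size)
{
    char *buf = NULL;
    size_t size = full_outbuf_size(inbytes_remaining, mb_len_max);
    if (size != 0)
        buf = alloc(size);
    if (buf == NULL) {
        /* Fallback path; even "+ 1" wraps to 0 when the input is SIZE_MAX. */
        if (inbytes_remaining == SIZE_MAX)
            return NULL;
        size = inbytes_remaining + 1;
        buf = alloc(size);
    }
    if (buf != NULL)
        *outbuf_size = size;
    return buf;
}

int main(void)
{
    size_t size = 0;
    char *buf = alloc_outbuf(100000, MB_LEN_MAX, small_alloc, &size);
    printf("outbuf_size = %zu\n", size);
    free(buf);
    return buf == NULL;
}
```

Because the fallback buffer can be smaller than the converted text, the caller still has to pass the recorded size to iconv and enlarge the buffer when iconv reports that it ran out of output space.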



