Date: Mon, 11 Jan 2010 15:12:35 +0100 From: Joerg Sonnenberger <joerg@britannica.bec.de> To: svn-src-all@freebsd.org Subject: Re: svn commit: r201999 - head/lib/libc/stdio Message-ID: <20100111141235.GE12281@britannica.bec.de> In-Reply-To: <20100111134429.F1302@besplex.bde.org> References: <201001101430.o0AEUURS051917@svn.freebsd.org> <20100110212548.GA47331@nagual.pp.ru> <4B4A5252.9070205@freebsd.org> <20100111134429.F1302@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 11, 2010 at 02:29:03PM +1100, Bruce Evans wrote: > calloc() has the same overflow bug, if any. Standards seem to require > fread and calloc to work even if the multiplication would occur, though > they cannot work in most cases where the multiplication would occur, > even if the overflow is avoided. Well, calloc on any BSD supported architecture can not allocate more than SIZE_MAX (or SIZE_MAX itself). There is an error defined for that. fread and fwrite will access invalid addressses, so doing nothing would be a correct implementation of "undefined". Cutting it off at SIZE_MAX/size seems silly as it would give the same behavior. Frankly, I would just back this out and let the application hit the wall... Joerg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100111141235.GE12281>