Date: Wed, 10 Aug 2011 14:33:35 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: New daily reports - nothing

On Wed, Aug 10, 2011 at 08:34:46PM +0200, Luka Marčetić wrote:
> On 08/10/2011 08:21 PM, Rich Felker wrote:
> >On Wed, Aug 10, 2011 at 08:23:37PM +0200, Luka Marčetić wrote:
> >>On 08/10/2011 07:33 PM, Rich Felker wrote:
> >>>What about SIZE_MAX>>(4*sizeof(size_t))?
> >>Never heard of it. What about PTRDIFF_MAX though?
> >My point was that SIZE_MAX>>(4*sizeof(size_t)) is an easy way to get
> >the square root of SIZE_MAX without long double arithmetic.
> 
> Doesn't seem that easy to me.

It is. That's the beauty of logarithms.

> >PTRDIFF_T
> >is rather irrelevant to testing calloc overflows, where the whole
> >point is that A*B overflows SIZE_MAX and results in a small integer
> >value where the allocation will certainly succeed.
> 
> The task says I should test for PTRDIFF_T. So I tried to make a
> general function.

Testing if malloc allocates memory larger than PTRDIFF_MAX is
independent of testing if calloc is subject to multiplication overflow
vulnerabilities.

Rich
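
Added example, not part of the original message and not musl's code: the shift discussed above used as the fast path of a multiplication-overflow check, plus a probe that asks calloc for a product that wraps to 16 bytes. The function names and the probe operands are chosen for illustration, and CHAR_BIT == 8 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Half the bits of size_t; equals CHAR_BIT*sizeof(size_t)/2 when CHAR_BIT is 8 (assumed). */
#define HALF_BITS (4 * sizeof(size_t))

/* floor(sqrt(SIZE_MAX)) = 2^(bits/2) - 1, using integer arithmetic only. */
static size_t sqrt_size_max(void)
{
    return SIZE_MAX >> HALF_BITS;
}

/* Returns 1 if a*b does not fit in size_t. When both factors are at most
 * sqrt(SIZE_MAX) the product always fits, so the division is a slow path. */
static int mul_overflows(size_t a, size_t b)
{
    size_t root = sqrt_size_max();
    if (a <= root && b <= root)
        return 0;
    return a != 0 && b > SIZE_MAX / a;
}

/* Probe the C library's calloc with a request whose product wraps to 16.
 * Returns 1 if calloc refused (correct), 0 if it returned a block, which
 * means the multiplication inside calloc wrapped. */
static int calloc_rejects_wrap(void)
{
    /* volatile pointer keeps the compiler from folding the call away */
    void *(*volatile alloc)(size_t, size_t) = calloc;
    size_t n = SIZE_MAX / 2 + 9;   /* 2^(bits-1) + 8 */
    size_t m = 2;                  /* n*m mod 2^bits == 16 */
    void *p = alloc(n, m);
    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

int main(void)
{
    size_t r = sqrt_size_max();
    printf("sqrt(SIZE_MAX) ~ %zu\n", r);
    printf("r*r overflows: %d\n", mul_overflows(r, r));
    printf("(r+1)*(r+1) overflows: %d\n", mul_overflows(r + 1, r + 1));
    printf("calloc rejects wrapping request: %d\n", calloc_rejects_wrap());
    return 0;
}
```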
