Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 Dec 2023 10:42:11 +0900
From: Anuraag Agrawal <>
To: Markus Wichmann <>
Subject: Re: Large overflow in __intscan ignored


Thanks for checking and very sorry for the noise, I didn't read the loop
condition correctly. I am using Webassembly so the issue must be specific
to it somehow. I will report on wasi-libc to follow up.


On Sat, Dec 2, 2023, 01:21 Markus Wichmann <> wrote:

> Am Fri, Dec 01, 2023 at 02:08:54PM +0900 schrieb Anuraag Agrawal:
> > Currently, __intscan, used by functions like strtol, does not seem to
> check
> > for overflow during multiplication.
> >
> >
> >
> There is no multiplication in the referenced line. Assuming you mean the
> one above it, the loop condition checks that neither the multiplication
> nor the addition can overflow. The same holds for the loop on lines 79f.
> As far as I can tell, this has been the case since the first version of
> this code was checked in in 2012.
> Ciao,
> Markus

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.