bug-coreutils
Re: split.c - size_t overflow


From: Jim Meyering
Subject: Re: split.c - size_t overflow
Date: Sun, 08 Mar 2009 15:22:13 +0100

Chris Penev wrote:
> Line 153 - 157
> ...
>     153:    size_t outbase_length = strlen (outbase);
>     154:    size_t outfile_length = outbase_length + suffix_length;
>     155:    if (outfile_length + 1 < outbase_length)
>     156:        xalloc_die ();
>     157:    outfile = xmalloc (outfile_length + 1);
> ...
>
> If suffix_length is SIZE_MAX the check on line 155 is bypassed.

Thanks for the analysis and the report.  That is true.
However, the code that sets suffix_length ensures that it
is no larger than SIZE_MAX / sizeof (size_t), so there's no problem.
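
The arithmetic discussed in this thread, as an added example that is not part of the original messages or of coreutils: it reproduces the quoted check from lines 154-155, shows the one value of suffix_length that slips past it, and sets an overflow-safe size computation beside it. The function names `quoted_check_rejects`, `quoted_alloc_size` and `safe_alloc_size` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The test quoted from split.c lines 154-155; true means xalloc_die(). */
static bool quoted_check_rejects(size_t outbase_length, size_t suffix_length)
{
    size_t outfile_length = outbase_length + suffix_length; /* may wrap */
    return outfile_length + 1 < outbase_length;
}

/* The size that quoted line 157 would pass to xmalloc (wraps modulo SIZE_MAX+1). */
static size_t quoted_alloc_size(size_t outbase_length, size_t suffix_length)
{
    return outbase_length + suffix_length + 1;
}

/* Overflow-safe variant (hypothetical helper): compares before adding.
   Returns false when outbase_length + suffix_length + 1 is not representable. */
static bool safe_alloc_size(size_t outbase_length, size_t suffix_length,
                            size_t *out)
{
    if (suffix_length > SIZE_MAX - outbase_length)
        return false;                      /* the sum itself would wrap */
    if (outbase_length + suffix_length == SIZE_MAX)
        return false;                      /* no room for the trailing NUL */
    *out = outbase_length + suffix_length + 1;
    return true;
}

int main(void)
{
    size_t base = 2;                             /* constructed: strlen("x_") */
    size_t bound = SIZE_MAX / sizeof (size_t);   /* limit named in the reply */
    size_t n = 0;

    /* suffix_length == SIZE_MAX: sum wraps to base - 1, so +1 gives base. */
    printf("SIZE_MAX:   rejected=%d alloc=%zu\n",
           quoted_check_rejects(base, SIZE_MAX), quoted_alloc_size(base, SIZE_MAX));
    /* Any other wrapping value lands strictly below base and is caught. */
    printf("SIZE_MAX-1: rejected=%d\n", quoted_check_rejects(base, SIZE_MAX - 1));
    /* With the bound in place, a wrapping sum is still caught. */
    printf("bounded:    rejected=%d\n", quoted_check_rejects(SIZE_MAX, bound));
    printf("safe:       ok=%d\n", safe_alloc_size(base, SIZE_MAX, &n));
    return 0;
}
```

The quoted test misses only suffix_length == SIZE_MAX, which is why the upper bound on suffix_length mentioned in the reply is enough to close the gap.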