[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnulib] gnulib README patch for size_t addition overflow
|
From: |
Bruno Haible |
|
Subject: |
Re: [Bug-gnulib] gnulib README patch for size_t addition overflow |
|
Date: |
Tue, 18 Nov 2003 12:43:04 +0100 |
|
User-agent: |
KMail/1.5 |
Paul Eggert wrote:
> + * If an existing object has size S, and if T is sufficiently small
> + (e.g., 8 KiB), then S + T cannot overflow. Overflow in this case
> + would mean that the rest of your program fits into T bytes, which
> + can't happen in realistic flat-address-space hosts.
A specialization of this statement (with S = SIZE_MAX and T = 1) is that
malloc (SIZE_MAX) is guaranteed to fail. But on 2003-11-01 you said:
> it assumes that malloc (SIZE_MAX) always fails, which is probably a
> portable assumption but is a bit worrisome nonetheless.
So is it worrisome or not? Do we need the 'size_overflow_p' checks before
malloc() or not?
For my part, I don't want to redo the size_t checking patches to linebreak.c,
vasnprintf.c, etc. the day we notice that malloc (SIZE_MAX) unexpectedly
succeeds on platform XYZ. I make the patches bullet-proof.
Bruno