[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: xalloc.h (x2nrealloc): Don't always double the buffer size.
From: |
Jim Meyering |
Subject: |
Re: xalloc.h (x2nrealloc): Don't always double the buffer size. |
Date: |
Sun, 04 Feb 2007 12:32:44 +0100 |
Paul Eggert <address@hidden> wrote:
> Jim Meyering <address@hidden> writes:
>
>> - if (((size_t) -1) / 2 / s < n)
>> + if ((2 * (((size_t) -1 - 1) / 3)) / s < n)
>
> That's not quite right. As an extreme case, suppose S is
> SIZE_MAX/4 + 1 and N is 2. Then (2 * (((size_t) -1 - 1) / 3)) / S
> evaluates to 2 and N will appear to be in range here, but:
>
>> + n = n + n / 2 + 1;
>
> will cause N to become 4, and N * S will then overflow.
>
> I installed this:
>
> 2007-02-03 Paul Eggert <address@hidden>
>
> * lib/xalloc.h (x2nrealloc): Fix an unlikely bug in the overflow
> checking code. Set N = ceil (1.5 * N) rather than to a slightly
> larger value.
Good catch!
Thanks.