Bug#517714: glibc: possible signed integer overflow in libio/iogetdelim.c
Package: libc6
Version: 2.9-3
Severity: minor
An excerpt from the gcc manual page:
-fstrict-overflow
Allow the compiler to assume strict signed overflow rules, depending
on the language being compiled. For C (and C++) this means that
overflow when doing arithmetic with signed numbers is undefined, which
means that the compiler may assume that it will not happen.
[...]
When this option is in effect any attempt to determine whether an
operation on signed numbers will overflow must be written carefully to
not actually involve overflow.
[...]
The -fstrict-overflow option is enabled at levels -O2, -O3, -Os.
(Note that glibc is compiled with -O2 in Debian.)
I guess the following code snippet from libio/iogetdelim.c could serve
as an example of how *not* to write code when this option is turned on:
      if (__builtin_expect (cur_len + len + 1 < 0, 0))
        {
          __set_errno (EOVERFLOW);
          result = -1;
          goto unlock_return;
        }
--
Jakub Wilk
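The problem the report points at is that the snippet computes `cur_len + len + 1` first and only then inspects its sign, so the overflow it is trying to detect is the very operation whose result the compiler may assume is well defined. The following added example (constructed for this page, not glibc's code, with hypothetical helper names `needed_len_naive`, `needed_len_checked` and `append_chunk`) shows the reported pattern beside a check that answers the same question without ever performing the overflowing addition, and then uses the safe form to grow a getdelim-style buffer:

```c
/* Two ways to test "cur_len + len + 1 would exceed ssize_t" before
   growing a getdelim-style buffer. Constructed illustration, not glibc code. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(((size_t)-1) >> 1))
#endif

/* The shape quoted in the bug report: do the addition, then look at the
   sign of the result. Signed overflow is undefined in C, so with
   -fstrict-overflow (on at -O2) GCC may assume the sum is never negative
   and delete the test. Kept only as the "before" form; never call it with
   operands that could overflow. */
static ssize_t needed_len_naive(ssize_t cur_len, ssize_t len)
{
    ssize_t sum = cur_len + len + 1;   /* undefined behaviour if it wraps */
    if (sum < 0) {
        errno = EOVERFLOW;
        return -1;
    }
    return sum;
}

/* Same question asked without performing an overflowing addition:
   cur_len + len + 1 > SSIZE_MAX  <=>  len > SSIZE_MAX - 1 - cur_len.
   For non-negative cur_len the right-hand side lies in [-1, SSIZE_MAX - 1],
   so the subtraction itself cannot overflow. */
static ssize_t needed_len_checked(ssize_t cur_len, ssize_t len)
{
    if (cur_len < 0 || len < 0) {       /* caller bug, not an overflow */
        errno = EINVAL;
        return -1;
    }
    if (len > SSIZE_MAX - 1 - cur_len) {
        errno = EOVERFLOW;
        return -1;
    }
    return cur_len + len + 1;           /* now known to fit */
}

/* Append a chunk to a getdelim-style buffer (hypothetical helper), growing
   it only after the checked size computation succeeds.
   Returns the new cur_len, or -1 with errno set. */
static ssize_t append_chunk(char **lineptr, size_t *n, ssize_t cur_len,
                            const char *chunk, ssize_t len)
{
    ssize_t needed = needed_len_checked(cur_len, len);
    if (needed < 0)
        return -1;
    if ((size_t)needed > *n) {
        char *p = realloc(*lineptr, (size_t)needed);
        if (p == NULL)
            return -1;
        *lineptr = p;
        *n = (size_t)needed;
    }
    memcpy(*lineptr + cur_len, chunk, (size_t)len);
    (*lineptr)[cur_len + len] = '\0';
    return cur_len + len;
}

/* Drives append_chunk over two constructed chunks; returns 0 when the
   assembled line is the expected string and an impossible length is
   rejected with EOVERFLOW rather than wrapping into a small realloc. */
static int demo(void)
{
    char *line = NULL;
    size_t cap = 0;
    ssize_t cur = 0;
    cur = append_chunk(&line, &cap, cur, "hello, ", 7);
    if (cur < 0) return 1;
    cur = append_chunk(&line, &cap, cur, "world", 5);
    if (cur < 0) return 1;
    int ok = strcmp(line, "hello, world") == 0 && cur == 12;
    errno = 0;
    ok = ok && append_chunk(&line, &cap, cur, "", SSIZE_MAX) == -1
            && errno == EOVERFLOW;
    free(line);
    return ok ? 0 : 1;
}

int main(void)
{
    int rc = demo();
    printf("%s\n", rc == 0 ? "checked overflow test OK" : "FAILED");
    return rc;
}
```

The rearranged comparison is the portable form; on compilers that provide it, `__builtin_add_overflow` (GCC 5 and later, clang 3.8 and later) expresses the same check in one call and also covers mixed signed/unsigned operands. Either way, the rule from the manual page is the same: the test must be written so that no signed overflow ever actually happens on the path that detects it.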