Bug#517714: marked as done (glibc: possible signed integer overflow in libio/iogetdelim.c)

To: Stéphane Aulery <lkppo@free.fr>
Subject: Bug#517714: marked as done (glibc: possible signed integer overflow in libio/iogetdelim.c)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 24 Apr 2014 16:03:13 +0000
Message-id: <[🔎] handler.517714.D517714.139835515115450.ackdone@bugs.debian.org>
References: <20140424155551.GA10616@free.fr> <20090301164059.GA668@cavendish.icomputing.pl>

Your message dated Thu, 24 Apr 2014 17:55:51 +0200
with message-id <20140424155551.GA10616@free.fr>
and subject line glibc: possible signed integer overflow in libio/iogetdelim.c
has caused the Debian Bug report #517714,
regarding glibc: possible signed integer overflow in libio/iogetdelim.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
517714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517714
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: glibc: possible signed integer overflow in libio/iogetdelim.c

From: Jakub Wilk <ubanus@users.sf.net>

Date: Sun, 1 Mar 2009 17:40:59 +0100

Message-id: <20090301164059.GA668@cavendish.icomputing.pl>
Package: libc6
Version: 2.9-3
Severity: minor

An excerpt from gcc manual page:

  -fstrict-overflow
Allow the compiler to assume strict signed overflow rules, dependingon the language being compiled. For C (and C++) this means thatoverflow when doing arithmetic with signed numbers is undefined, whichmeans that the compiler may assume that it will not happen.[...]When this option is in effect any attempt to determine whether anoperation on signed numbers will overflow must be written carefully tonot actually involve overflow.
  [...]
  The -fstrict-overflow option is enabled at levels -O2, -O3, -Os.

(Note that glibc is compiled with -O2 in Debian.)
I guess the following code snippet from libio/iogetdelim.c could serveas an example how *not* to write code, when this option is turned on:
  if (__builtin_expect (cur_len + len + 1 < 0, 0))
    {
      __set_errno (EOVERFLOW);
      result = -1;
      goto unlock_return;
    }

--
Jakub Wilk
--- End Message ---

--- Begin Message ---

To: 517714-done@bugs.debian.org

Cc: control@bugs.debian.org

Subject: glibc: possible signed integer overflow in libio/iogetdelim.c

From: Stéphane Aulery <lkppo@free.fr>

Date: Thu, 24 Apr 2014 17:55:51 +0200

Message-id: <20140424155551.GA10616@free.fr>
fixed 517714 eglibc/2.17-0experimental0
stop

See https://sourceware.org/bugzilla/show_bug.cgi?id=9914#c12

-- 
Stéphane Aulery
--- End Message ---

Reply to:

Prev by Date: Processed: glibc: possible signed integer overflow in libio/iogetdelim.c
Next by Date: r6024 - in glibc-package/branches/eglibc-2.19/debian: . patches patches/kfreebsd
Previous by thread: Processed: glibc: possible signed integer overflow in libio/iogetdelim.c
Next by thread: r6024 - in glibc-package/branches/eglibc-2.19/debian: . patches patches/kfreebsd
Index(es):
- Date
- Thread