From: Szabolcs Nagy <nsz@port70.net>
To: musl@lists.openwall.com
Subject: Re: Possible infinite loop in qsort()
Date: Sun, 10 Jan 2016 13:15:57 +0100 [thread overview]
Message-ID: <20160110121557.GR23362@port70.net> (raw)
In-Reply-To: <20160110113852.GE2016@debian>
* Markus Wichmann <nullplan@gmx.net> [2016-01-10 12:38:53 +0100]:
> What I did was make sure that nel * width is greater than the greatest
> Leonardo number * width that's representable in the architecture's
> size_t. That is possible for every given width. The inequation I just
size_t overflow is not a problem
unsigned overflow is well defined and the loop is guaranteed
to finish, the only question if it finishes before lp array
is filled, and the answer is yes if object size is restricted
to <= SIZE_MAX/2
> gave boils down to nel > max{l | l is Leonardo number, l * width < 2^32}
>
> But since there are (plenty of) Leonardo numbers between 2^31 and 2^32,
> and object size (nel * width) is limited to <2^31, with a valid object
> the calculation can't overflow. And with an invalid object, I don't know
> if the code as given would even work, as pointer differences wouldn't
> work. Haven't tested that one, either.
invalid input is ub and qsort does not try catch such ub
next prev parent reply other threads:[~2016-01-10 12:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-09 8:21 Markus Wichmann
2016-01-09 9:07 ` Felix Janda
2016-01-10 4:05 ` Rich Felker
2016-01-10 10:33 ` Szabolcs Nagy
2016-01-10 11:38 ` Alexander Monakov
2016-01-10 11:38 ` Markus Wichmann
2016-01-10 12:15 ` Szabolcs Nagy [this message]
2016-01-12 12:25 ` Alexander Cherepanov
2016-01-12 12:48 ` Szabolcs Nagy
2016-01-12 14:31 ` Alexander Cherepanov
2016-01-12 16:22 ` Szabolcs Nagy
2016-01-14 22:21 ` Rich Felker
2016-01-14 22:17 ` Rich Felker
2016-01-10 16:35 ` Morten Welinder
2016-01-10 16:45 ` Jens Gustedt
2016-01-12 10:30 ` Alexander Cherepanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160110121557.GR23362@port70.net \
--to=nsz@port70.net \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).