From: Rich Felker <dalias@libc.org>
To: Anuraag Agrawal <anuraaga@gmail.com>
Cc: musl@lists.openwall.com
Subject: Re: [musl] Re: Large overflow in __intscan ignored
Date: Fri, 1 Dec 2023 10:52:40 -0500 [thread overview]
Message-ID: <20231201155240.GB4163@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAOWvS+0cZ03MsaRyOWWjZ_Ut1Lj+BVQjyRaEQ+ozgPSBTNyKRQ@mail.gmail.com>
On Fri, Dec 01, 2023 at 02:14:03PM +0900, Anuraag Agrawal wrote:
> Oops, sorry I should have mentioned, the inputs I am working with that do
> not set errno are
>
> 999999999999999999999
> 1000000000000000000000
> 4790999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> 9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
>
> For context, they come from test cases in libpg_query
>
> https://github.com/pganalyze/libpg_query/blob/15-latest/test/scan_tests.c#L30
>
> On Fri, Dec 1, 2023 at 2:08 PM Anuraag Agrawal <anuraaga@gmail.com> wrote:
>
> > Currently, __intscan, used by functions like strtol, does not seem to
> > check for overflow during multiplication.
> >
> > https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69
> >
> > It at the end checks against the limit, e.g. the size of a long
> >
> > https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n90
> >
> > However, if the value overflows and ends up in the range of the limit,
> > errno will not be set. It seems that each multiplication operation needs to
> > be checking for overflow and return errno if it ever happens.
Can you clarify whether you are reporting a bug in musl or trying to
reuse this code and possibly making breaking changes to your copy? I
cannot reproduce any problem with your test cases. They all correctly
report ERANGE. Checked for strtol, strtoll, and strtoull.
Rich
next prev parent reply other threads:[~2023-12-01 15:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-01 5:08 [musl] " Anuraag Agrawal
2023-12-01 5:14 ` [musl] " Anuraag Agrawal
2023-12-01 15:52 ` Rich Felker [this message]
2023-12-01 16:21 ` [musl] " Markus Wichmann
2023-12-02 1:42 ` Anuraag Agrawal
2023-12-02 8:48 ` Markus Wichmann
2023-12-02 16:29 ` Rich Felker
2024-02-26 1:30 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231201155240.GB4163@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=anuraaga@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).