From: Anuraag Agrawal
Date: Fri, 1 Dec 2023 14:14:03 +0900
To: musl@lists.openwall.com
Subject: [musl] Re: Large overflow in __intscan ignored

Oops, sorry I should have mentioned, the inputs I am working with that do not set errno are

999999999999999999999
1000000000000000000000
4790999999999999999999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

For context, they come from test cases in libpg_query

https://github.com/pganalyze/libpg_query/blob/15-latest/test/scan_tests.c#L30

On Fri, Dec 1, 2023 at 2:08 PM Anuraag Agrawal wrote:
> Currently, __intscan, used by functions like strtol, does not seem to
> check for overflow during multiplication.
>
> https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69
>
> It at the end checks against the limit, e.g. the size of a long
>
> https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n90
>
> However, if the value overflows and ends up in the range of the limit,
> errno will not be set. It seems that each multiplication operation needs to
> be checking for overflow and return errno if it ever happens.
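The failure mode described in the message, as an added example that is not part of the original post and is not musl's code: a hypothetical decimal parser (`parse_naive`) that compares against the limit only once at the end, beside one (`parse_checked`) that tests before every multiply-add. The function names and `struct result` are assumptions, and the wrapped values assume a 64-bit `unsigned long long`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

struct result { long long value; int err; };

/* Constructed naive parser (not musl code): accumulate, then compare the
 * final value against the limit once. x * 10 + d wraps modulo 2^64, so a
 * huge input can land back inside the valid range unnoticed. */
static struct result parse_naive(const char *s)
{
    unsigned long long x = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        x = x * 10 + (unsigned)(*s - '0');
    if (x > (unsigned long long)LLONG_MAX)
        return (struct result){ LLONG_MAX, ERANGE };
    return (struct result){ (long long)x, 0 };
}

/* Checked parser: refuse the step if 10*x + d would exceed the limit,
 * so the accumulator can never wrap. */
static struct result parse_checked(const char *s)
{
    const unsigned long long lim = LLONG_MAX;
    unsigned long long x = 0;
    for (; *s >= '0' && *s <= '9'; s++) {
        unsigned d = (unsigned)(*s - '0');
        if (x > (lim - d) / 10)
            return (struct result){ LLONG_MAX, ERANGE };
        x = x * 10 + d;
    }
    return (struct result){ (long long)x, 0 };
}

int main(void)
{
    /* First two inputs listed in the message; both exceed 2^64. */
    const char *in[] = { "999999999999999999999", "1000000000000000000000" };
    for (int i = 0; i < 2; i++) {
        struct result n = parse_naive(in[i]), c = parse_checked(in[i]);
        printf("%s naive=%lld err=%d checked err=%d\n",
               in[i], n.value, n.err, c.err);
    }
    return 0;
}
```

Whether an end-only check catches a wrapped value depends on where the residue modulo 2^64 happens to land, which is why the per-step test is the reliable one.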