From: Anuraag Agrawal
Date: Sat, 2 Dec 2023 10:42:11 +0900
To: Markus Wichmann
Cc: musl@lists.openwall.com
Subject: Re: [musl] Large overflow in __intscan ignored

Hello,

Thanks for checking and very sorry for the noise, I didn't read the loop condition correctly. I am using WebAssembly so the issue must be specific to it somehow. I will report on wasi-libc to follow up.

Thanks,

On Sat, Dec 2, 2023, 01:21 Markus Wichmann wrote:

> On Fri, Dec 01, 2023 at 02:08:54PM +0900, Anuraag Agrawal wrote:
> > Currently, __intscan, used by functions like strtol, does not seem to check
> > for overflow during multiplication.
> >
> > https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69
> >
>
> There is no multiplication in the referenced line. Assuming you mean the
> one above it, the loop condition checks that neither the multiplication
> nor the addition can overflow. The same holds for the loop on lines 79f.
>
> As far as I can tell, this has been the case since the first version of
> this code was checked in in 2012.
>
> Ciao,
> Markus
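The kind of loop-condition guard discussed in this thread, written out as an added example; it is not part of either message and is not musl's `__intscan` source. The function name `scan_udec` and its return codes are hypothetical, and the sample inputs assume a 64-bit `unsigned long long`.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not musl's __intscan): parse an unsigned decimal
 * string. Returns 0 and stores the value on success, -1 if the input
 * starts with no digit, -2 if the value does not fit in the type. */
int scan_udec(const char *s, unsigned long long *out)
{
    unsigned long long y = 0;
    const char *p = s;

    /* The loop condition rules out both overflows before they happen:
     *   y <= ULLONG_MAX/10          -> 10*y cannot wrap
     *   10*y <= ULLONG_MAX - digit  -> adding the digit cannot wrap
     * The second test is only evaluated once the first has passed. */
    for (; (unsigned)(*p - '0') < 10U
           && y <= ULLONG_MAX / 10
           && 10 * y <= ULLONG_MAX - (unsigned)(*p - '0'); p++)
        y = 10 * y + (unsigned)(*p - '0');

    if (p == s)
        return -1;              /* no digit was consumed */
    if ((unsigned)(*p - '0') < 10U)
        return -2;              /* a digit remains: the guard stopped us */
    *out = y;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the 64-bit maximum, one past it, far past it. */
    const char *in[] = {
        "18446744073709551615",
        "18446744073709551616",
        "99999999999999999999999",
    };
    for (int i = 0; i < 3; i++) {
        unsigned long long v = 0;
        int rc = scan_udec(in[i], &v);
        printf("%s -> rc=%d value=%llu\n", in[i], rc, v);
    }
    return 0;
}
```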