From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 5313 invoked from network); 1 Dec 2023 16:22:00 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 1 Dec 2023 16:22:00 -0000 Received: (qmail 1950 invoked by uid 550); 1 Dec 2023 16:21:53 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 1912 invoked from network); 1 Dec 2023 16:21:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1701447706; x=1702052506; i=nullplan@gmx.net; bh=ewbzPN4fLUJ8Hp/SRgjmOTF3YvTGyxaaCUOVAy4bZHo=; h=X-UI-Sender-Class:Date:From:To:Cc:Subject:References: In-Reply-To; b=jIQyy3t96iKnYhgcXCgsU974fhW+m/LJoZDLabJ5K/GSVy8k5usaiRRaOBd3qyoN ez58yYW8liKi31VCIW50qYbVVxackWvhmnWiXhMv7BGTm+ObLIGDk6PbMRJZD+9EI 0quCrohb3pl5F2Ied4OfVmGhkBL8zt6Pyiwe++DfQMcOmUW+sB8e4mdVfBIBRE47s ekqSHAX5IFAhJxRyaonCXviHUBozbfaSWeU+2f7vcgmoX+dpNcHHdlnB1Grtpgkyl DznjyNrsKV4Wmb737rARMjJuvTpdU2Q/HjEBB0b8mFnnUyLICQ/NW4d7tilJLmENP 87iiHpnEkTHpkESZTg== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Date: Fri, 1 Dec 2023 17:21:44 +0100 From: Markus Wichmann To: musl@lists.openwall.com Cc: Anuraag Agrawal Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Provags-ID: V03:K1:tDmm7ehgDogdl69NZ7zHACs/Q5remzkE/jd28E00yw0myVeDBDl 6/T6k0zymx/VAyM9Pi+B5gJZ/LY1shba0USjc6ImQBvKdHdSVf1Zn5ybwvmfEdCap1Z4bsj I9euXYMVqaWLSoJAuRn6KBWoGsa0zEe3Xk/co7MtQlannSbtAgC9k6wFOzLIdAi/BokF4kP r/8bGCCCS6btDjvQntXAg== UI-OutboundReport: notjunk:1;M01:P0:+WFF7JLwHPY=;/YnilOFMauqVS9zg3wr8V22ONWp mVl/IiKP4g54wZ/yk2KwRmoLfDt34rZ3M68duoaqnT1/XAwjbRlvMm6ol35qBQryf0PFG2P8J tErDAcKfDktDpaR1WDpGh8R8q8DQU9JNG/pUhwflTGVWkAuzILwadUCgSqIZNTX8FOtirKRnK U5p1Mv7dNCy8E2grbSHExinUTw3Iu6Df9NvDENlDJ6ZpIRKzzcPmKSsGcHVWYUWJ8mGWvP1IT vmwEeE6+ZoMyVHriRVHMxAHTHtpw4m6esCuSiB1Ax3UKtd6RL/prTkua+FJGWITNkEM+3Pakw DWIVBDS9AvRC36SyIkGS7r9pbFVGUZp/80Bp2E7gso3ybnN/ou9Nd0L0LzM2pk34PcxarXgKq FIMFW5WoOqFPNZi81IEGgUNSjdtcKBQOlQs6+gJX8fY75SRJXzGe37agJZzs/O9/d1vBWoAjw djCRgrVCu2PgTe42qvJOCTPwfeTfYowEMMC5x7/aVv4TgpF0LR2AaAyBg/k2vxR20POiGsqtf TH2lJSfVw23eVAEF63q2crhQCrVWbTuqwoM4vMnU6xcayslw6rOKXOUr4iT2G+LgVg2uC2WG8 BInRXEaJizg5573YH0ev23pk43M0xv5piK8HZndP4Mu5cwBTfo3QLK7Lk8a+TF5DldKtzC6yF ZlzwFhamHyl0C9OOV0cl1+jRwwINQ1GGFOpQ10mzVAp8EFvNnDt7Aku/6NZn78gdv8Nj9c1tY xI3iIMdyi4ynOdI78sKVaVuMCoIiAhtAVJeuD3gbMSuIWLvkEbf1ayw727z23CExBF+NaE2kk g6UH1wOgg35HlKCoVqcr7Hzm0uZGcHQFCMFBSOVmD9h4A1PJ8LZo6pAyr3JA1JdP1gUKFDSmY EBSBjPrNSZHyg7cOFO6EwjRrofdXWV2N6/D6U3/uFSEKvhCKX4HIOLY1Xy6pfM/GYya3o4Xpc QHaifqVDqoJjxwDfKVQ6v8zeZPA= Content-Transfer-Encoding: quoted-printable Subject: Re: [musl] Large overflow in __intscan ignored Am Fri, Dec 01, 2023 at 02:08:54PM +0900 schrieb Anuraag Agrawal: > Currently, __intscan, used by functions like strtol, does not seem to ch= eck > for overflow during multiplication. > > https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69 > There is no multiplication in the referenced line. Assuming you mean the one above it, the loop condition checks that neither the multiplication nor the addition can overflow. The same holds for the loop on lines 79f. As far as I can tell, this has been the case since the first version of this code was checked in in 2012. Ciao, Markus