svn commit: r201999 - head/lib/libc/stdio
Joerg Sonnenberger
joerg at britannica.bec.de
Mon Jan 11 14:27:40 UTC 2010
On Mon, Jan 11, 2010 at 02:29:03PM +1100, Bruce Evans wrote:
> calloc() has the same overflow bug, if any. Standards seem to require
> fread and calloc to work even if the multiplication would occur, though
> they cannot work in most cases where the multiplication would occur,
> even if the overflow is avoided.
Well, calloc on any BSD supported architecture can not allocate more
than SIZE_MAX (or SIZE_MAX itself). There is an error defined for that.
fread and fwrite will access invalid addressses, so doing nothing would
be a correct implementation of "undefined". Cutting it off at
SIZE_MAX/size seems silly as it would give the same behavior.
Frankly, I would just back this out and let the application hit the
wall...
Joerg
More information about the svn-src-all
mailing list