svn commit: r250432 - head/usr.bin/split
Eitan Adler
eadler at freebsd.org
Sat May 11 05:54:06 UTC 2013
On 10 May 2013 13:05, Benjamin Kaduk <bjkfbsd at gmail.com> wrote:
> This check relies on signed integer overflow, which is undefined behavior.
> Furthermore, even if one assumes a non-evil compiler and two's complement
> representation, this check fails for pattlen == 10.
> 10**9 is representable as both a signed and unsigned 32-bit integer, but
> 10**10 overflows both variants and ends up in the positive side of the
> signed space.
>
> With a fixed number of bases to be exponentiated here (10 or 26), it would
> seem much simpler to do the logarithm manually out-of-band and just hardcode
> a check on sufflen (noting that maxfiles is of type long which can be either
> 32 or 64 bits).
...
Good point. I did not look closely at this code and assumed it was
correct. I shall fix it.
--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
More information about the svn-src-all
mailing list