public inbox for [email protected]  
help / color / mirror / Atom feed
From: Ranier Vilela <[email protected]>
To: Heikki Linnakangas <[email protected]>
Cc: Nathan Bossart <[email protected]>
Cc: Tomas Vondra <[email protected]>
Cc: Pg Hackers <[email protected]>
Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c)
Date: Mon, 28 Oct 2024 09:33:27 -0300
Message-ID: <CAEudQApyHj2OQ1s9BHreF_DfiEGr=OrxDKGatN9YUMcF3Gbp9w@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAEudQAp34o_8u6sGSVraLwuMv9F7T9hyHpePXHmRaxR2Aboi+w@mail.gmail.com>
	<ZwWkBb2gxs5fGttK@nathan>
	<CAEudQAr8KZET1ogPnT7esb7YdYbmJyFZWo-OnP+FgoKeL+N31A@mail.gmail.com>
	<[email protected]>

Em seg., 28 de out. de 2024 às 09:13, Heikki Linnakangas <[email protected]>
escreveu:

> On 09/10/2024 19:16, Ranier Vilela wrote:
> > Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart
> > <[email protected] <mailto:[email protected]>> escreveu:
> >
> >     On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote:
> >      > The port function *bsearch_arg* mimics the C function
> >      > *bsearch*.
> >      >
> >      > The API signature is:
> >      > void *
> >      > bsearch_arg(const void *key, const void *base0,
> >      > size_t nmemb, size_t size,
> >      > int (*compar) (const void *, const void *, void *),
> >      > void *arg)
> >      >
> >      > So, the parameter *nmemb* is size_t.
> >      > Therefore, a call with nmemb greater than INT_MAX is possible.
> >      >
> >      > Internally the code uses the *int* type to iterate through the
> >     number of
> >      > members, which makes overflow possible.
> >
> >     I traced this back to commit bfa2cee (v14), which both moved
> >     bsearch_arg()
> >     to its current location and adjusted the style a bit.  Your patch
> looks
> >     reasonable to me.
> >
> > Thanks for looking.
>
> Committed, thanks.
>
Thank you.


>
> Based on the original discussion on bfa2cee, I couldn't figure out where
> exactly this new bsearch implementation originated from, but googling
> around, probably *BSD or libiberty. Tomas, do you remember? Not that it
> matters, but I'm curious.
>
> Some of those other implementations have fixed this, others have not.
> And they all seem to also have the "involes" typo in the comment that we
> fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this
> fix to those other projects too.
>
Sure, I can try.

best regards,
Ranier Vilela


view thread (10+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c)
  In-Reply-To: <CAEudQApyHj2OQ1s9BHreF_DfiEGr=OrxDKGatN9YUMcF3Gbp9w@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox