public inbox for [email protected]
help / color / mirror / Atom feedFrom: Heikki Linnakangas <[email protected]>
To: Ranier Vilela <[email protected]>
To: Nathan Bossart <[email protected]>
To: Tomas Vondra <[email protected]>
Cc: Pg Hackers <[email protected]>
Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c)
Date: Mon, 28 Oct 2024 14:13:25 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAEudQAr8KZET1ogPnT7esb7YdYbmJyFZWo-OnP+FgoKeL+N31A@mail.gmail.com>
References: <CAEudQAp34o_8u6sGSVraLwuMv9F7T9hyHpePXHmRaxR2Aboi+w@mail.gmail.com>
<ZwWkBb2gxs5fGttK@nathan>
<CAEudQAr8KZET1ogPnT7esb7YdYbmJyFZWo-OnP+FgoKeL+N31A@mail.gmail.com>
On 09/10/2024 19:16, Ranier Vilela wrote:
> Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart
> <[email protected] <mailto:[email protected]>> escreveu:
>
> On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote:
> > The port function *bsearch_arg* mimics the C function
> > *bsearch*.
> >
> > The API signature is:
> > void *
> > bsearch_arg(const void *key, const void *base0,
> > size_t nmemb, size_t size,
> > int (*compar) (const void *, const void *, void *),
> > void *arg)
> >
> > So, the parameter *nmemb* is size_t.
> > Therefore, a call with nmemb greater than INT_MAX is possible.
> >
> > Internally the code uses the *int* type to iterate through the
> number of
> > members, which makes overflow possible.
>
> I traced this back to commit bfa2cee (v14), which both moved
> bsearch_arg()
> to its current location and adjusted the style a bit. Your patch looks
> reasonable to me.
>
> Thanks for looking.
Committed, thanks.
Based on the original discussion on bfa2cee, I couldn't figure out where
exactly this new bsearch implementation originated from, but googling
around, probably *BSD or libiberty. Tomas, do you remember? Not that it
matters, but I'm curious.
Some of those other implementations have fixed this, others have not.
And they all seem to also have the "involes" typo in the comment that we
fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this
fix to those other projects too.
--
Heikki Linnakangas
Neon (https://neon.tech)
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c)
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox