Re: Possibly incomplete bounds check after strtol(3)
From: G. Branden Robinson
Subject: Re: Possibly incomplete bounds check after strtol(3)
Date: Tue, 12 Mar 2024 17:50:28 -0500
Hi Alex,
At 2024-03-12T23:22:32+0100, Alejandro Colomar wrote:
> That's still a problem on ILP64, ain't it? :)
Shouldn't we call that ILLLP64?
> Not that I like such systems, but Paul Eggert reminded me of their
> existence when I suggested a similar fix for a similar problem some
> time ago.
>
> You'll need to just use a better API.
I am reluctant to increase groff's build dependencies; I perceive its
portability to geriatric Unix systems as advantageous in my quest to
see the end of System V troff.
> strtoi(3), provided by the BSDs, and by libbsd on non-BSD systems, is
> a better one. It had a bug until earlier this year, when I fixed it,
> so you may want to avoid it.
Why is it that no matter how big our integers get, we never seem to get
any better at range-checking with respect to them?
> > You may see another problem here. We accept '1' as an argument, but
> > then pass it to a function called `is_prime()`...which fails an
> > assertion on that input. Whoops.
>
> Hmmm, yeah. So you could raise it to 3, and then also drop the >2
> test.
As Cliff Clavin would say, it's a little-known fact that 2 is prime.
If a user wants overflowing hash buckets, it's not my job to stop them.
> Hmm, ok. Let's hope nobody adds a call to this function with a
> different 'min'.
indxbib mainly exists to redress performance problems that people
stopped noticing about 30 years ago, thanks to Moore's Law.
I feel a sense of responsibility to protect groff programs from insane
user inputs.
I cannot protect the code from insane programmers.
Regards,
Branden
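An added example, not part of the original message and not groff's code: a strtol(3)-based parse whose range check still holds where long is no wider than int, the ILP64 case raised in the quoted text. The helper name `parse_int_in_range`, the lower bound of 2 and the sample strings are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not groff's code): parse a base-10 integer that
   must lie in [min, max].  Returns 0 on success, -1 on any failure. */
static int parse_int_in_range(const char *s, int min, int max, int *out)
{
    char *end;
    long n;

    if (s == NULL || out == NULL || min > max)
        return -1;
    errno = 0;                      /* strtol() only sets errno on error */
    n = strtol(s, &end, 10);
    if (end == s || *end != '\0')   /* no digits, or trailing junk */
        return -1;
    /* On overflow strtol() returns LONG_MIN/LONG_MAX and sets ERANGE.
       Where long is no wider than int (e.g. ILP64), LONG_MAX == INT_MAX,
       so "n > max" alone cannot tell a clamped value from a real one. */
    if (errno == ERANGE)
        return -1;
    if (n < min || n > max)
        return -1;
    *out = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "997", "2", "1", "12abc", "",
                              "99999999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0;
        int rc = parse_int_in_range(samples[i], 2, INT_MAX, &v);
        if (rc == 0)
            printf("\"%s\" -> accepted (%d)\n", samples[i], v);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```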