Re: [Security-discuss] handling integer overflows

security-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Security-discuss] handling integer overflows

From:	Niels Möller
Subject:	Re: [Security-discuss] handling integer overflows
Date:	Sun, 01 Apr 2012 21:46:20 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/23.2 (usg-unix-v)

Nikos Mavrogiannopoulos <address@hidden> writes:

> Do you mean the code for the safe multiplication/addition or the
> original code for parsing asn.1?

The overflow checks, in particular for multiplication. Maybe it's no
problem, but at least I find it somewhat unobvious if one should use <
or <= in the various comparisons, and I would have to think for a while
to figure it out.

(I don't have to think for the overflow test for unsigned addition. But
on the other hand, I'm *very* used to that test, from GMP work).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

[Prev in Thread]

Current Thread

[Next in Thread]

[Security-discuss] handling integer overflows, Nikos Mavrogiannopoulos, 2012/04/01
- Re: [Security-discuss] handling integer overflows, Niels Möller, 2012/04/01
  - Re: [Security-discuss] handling integer overflows, Nikos Mavrogiannopoulos, 2012/04/01
    - Re: [Security-discuss] handling integer overflows, Niels Möller <=

Prev by Date: Re: [Security-discuss] handling integer overflows
Previous by thread: Re: [Security-discuss] handling integer overflows
Index(es):
- Date
- Thread