GNU bug report logs - #28120
[PATCH] ptx: fix a possible crash caused by integer overflow


Package: coreutils;

Reported by: Kamil Dudka <kdudka <at> redhat.com>

Date: Thu, 17 Aug 2017 11:47:02 UTC

Severity: normal

Tags: patch

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.



Message #10 received at 28120-done <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Kamil Dudka <kdudka <at> redhat.com>, 28120-done <at> debbugs.gnu.org
Subject: Re: bug#28120: [PATCH] ptx: fix a possible crash caused by integer
 overflow
Date: Thu, 17 Aug 2017 12:14:05 -0700
On 08/17/2017 04:40 AM, Kamil Dudka wrote:
> -typedef short int DELTA;	/* to hold displacement within one context */
> +typedef int DELTA;		/* to hold displacement within one context */
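Review bot: `int` on the added typedef line is still narrower than a pointer difference on common 64-bit platforms, so a displacement above INT_MAX would be truncated the same way the `short int` version truncates one above SHRT_MAX. Consider `typedef ptrdiff_t DELTA;` so the type named in the comment ("displacement within one context") can hold any difference between two pointers into the same buffer.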

Thanks for the heads-up. Although that fixes things for that particular 
test case, it won't work for larger cases. The type should be ptrdiff_t 
instead of int.

As its FIXME comment says, ptx is riddled with integer-overflow bugs. I 
installed the attached patch to fix the bug that you mentioned along 
with the other low-hanging fruit that I found, and am marking the bug as 
fixed upstream. I expect some other integer-overflow bugs can still 
occur in practice, but at least this patch is a significant improvement.

This patch prefers signed integer types like ptrdiff_t to unsigned types 
like size_t, as signed types allow for better checking when compiled 
with sanitization.

[0001-ptx-fix-some-integer-overflow-bugs.patch (text/x-patch, attachment)]
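The two points made in the message above (a displacement type that is too narrow, and signed arithmetic being checkable where unsigned arithmetic silently wraps) as an added C example; it is not code from the attached patch or from ptx. The type names, function names and the 40000-byte sample buffer are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names: the two widths discussed in the thread. */
typedef short int delta_narrow;   /* width before the quoted hunk */
typedef ptrdiff_t delta_wide;     /* width the reply recommends */

/* Constructed sample: one 40000-byte "line" of input. */
static char sample_line[40000];

/* Displacement between two pointers into the same buffer, full width. */
ptrdiff_t displacement(const char *from, const char *to)
{
    return to - from;
}

/* True when d can be stored in delta_narrow without changing value. */
bool fits_narrow(ptrdiff_t d)
{
    return SHRT_MIN <= d && d <= SHRT_MAX;
}

/* Signed addition that reports overflow instead of performing it.
   Without this check, a + b would be undefined behaviour, which is
   what -fsanitize=undefined reports at run time. */
bool add_wide(delta_wide a, delta_wide b, delta_wide *sum)
{
    if ((b > 0 && a > PTRDIFF_MAX - b) || (b < 0 && a < PTRDIFF_MIN - b))
        return false;
    *sum = a + b;
    return true;
}

/* Unsigned addition wraps modulo 2^N. That is defined behaviour, so
   the undefined-behaviour sanitizer has nothing to report here. */
size_t add_unsigned(size_t a, size_t b)
{
    return a + b;
}

int main(void)
{
    ptrdiff_t d = displacement(sample_line, sample_line + sizeof sample_line);
    delta_wide sum;
    /* Exit 0 when the narrow type is too small and the checked add refuses. */
    return !(!fits_narrow(d) && !add_wide(PTRDIFF_MAX, 1, &sum));
}
```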

This bug report was last modified 7 years and 281 days ago.
