Jacob Bachmeyer via Gcrypt-devel <gcrypt-devel@gnupg.org> writes:
> NACK! NACK! NACK!
>
> Those are checks for integer overflow. (They may even be correct if
> VALUELEN is unsigned.)
>
> If VALUELEN is a signed type, they are undefined behavior and need to
> be fixed, not removed.
It is a size_t so it is unsigned. But it looks harmless to remove to me. The call to 'malloc' in '_gcry_sexp_nth_buffer' will fail before VALUELEN overflows.

Here is an example program:

$ cat main.c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

int
main (void)
{
  /* Ask for far more than any address space can hold. */
  char *p = malloc (SIZE_MAX / 8 / 2);
  if (p)
    abort ();
  printf ("%s\n", strerror (errno));
  return 0;
}
$ gcc main.c
$ ./a.out
Cannot allocate memory

Collin
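An added example, not code from this thread or from libgcrypt, contrasting the kind of explicit size_t overflow check under discussion with relying on malloc alone; the function names and the EXTRA framing size are assumptions for illustration.

```c
/* Added example (not libgcrypt code). Names and the EXTRA size are
 * assumptions chosen to illustrate the check discussed in the thread. */
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Compute *total = valuelen + extra, reporting wrap-around instead of
 * silently producing a small length. Because size_t is unsigned, this
 * comparison is well-defined C, which is the point Jacob raised. */
int
checked_add_size (size_t valuelen, size_t extra, size_t *total)
{
  if (valuelen > SIZE_MAX - extra)
    return 0;               /* valuelen + extra would wrap */
  *total = valuelen + extra;
  return 1;
}

/* What the unchecked arithmetic yields: defined (unsigned wrap), but a
 * length that is far too small for the data it is meant to hold. */
size_t
wrapped_length (size_t valuelen, size_t extra)
{
  return valuelen + extra;
}

/* Allocate VALUELEN + EXTRA bytes with the explicit check in front of
 * malloc. Returns 1 if malloc succeeded (buffer freed again), 0 if the
 * length wrapped or malloc refused. */
int
alloc_with_check_succeeds (size_t valuelen, size_t extra)
{
  size_t total;
  void *p;
  if (!checked_add_size (valuelen, extra, &total))
    return 0;
  p = malloc (total);
  if (!p)
    return 0;
  free (p);
  return 1;
}

/* Collin's observation: a request near the top of the size_t range is
 * refused by malloc on its own. Returns 1 if malloc returned NULL. */
int
malloc_refuses_huge (void)
{
  void *p = malloc (SIZE_MAX / 8 / 2);
  if (p)
    {
      free (p);
      return 0;
    }
  return 1;
}
```

The difference between the two paths shows up only once VALUELEN is within EXTRA bytes of SIZE_MAX; below that, malloc refusing the request is what stops the allocation, as the posted program demonstrates.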
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel