On 6/18/25 11:53, Paul Eggert wrote:
On 2025-06-17 20:27, Jacob Bachmeyer via Gcrypt-devel wrote:
It is a size_t so it is unsigned.

Then the checks are correct as written.

Not on oddball platforms where SIZE_MAX <= INT_MAX, because in that case it's signed integer overflow and behavior is undefined. POSIX allows such platforms.

Maybe gcrypt should have a static_assert (INT_MAX < SIZE_MAX)? That might be easier than adjusting all its size_t-calculating code to be portable to oddball platforms. Unless there's a goal to be fully POSIX portable.

More important, the checks are not valid on platforms like x86-64 where UINT_MAX < SIZE_MAX, because mpi_set_opaque takes an unsigned int arg.

I was about to say that I thought amd64 would trip that static assert, since "int" is 32-bit but "long int" and "size_t" are 64-bit.

This looks like a real bug, at least just from local inspection.

So the checks are indeed incorrect...

I advocate for defense-in-depth

Although this defense is needed it's not defense in depth, as there's no guarantee malloc will fail with sizes close to SIZE_MAX.

... and the checks are also needed.  "Fun."


-- Jacob



_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Reply via email to