On Tue, Oct 8, 2024 at 18:28, Nathan Bossart <nathandboss...@gmail.com> wrote:

> On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote:
> > The port function *bsearch_arg* mimics the C function
> > *bsearch*.
> >
> > The API signature is:
> > void *
> > bsearch_arg(const void *key, const void *base0,
> > size_t nmemb, size_t size,
> > int (*compar) (const void *, const void *, void *),
> > void *arg)
> >
> > So, the parameter *nmemb* is size_t.
> > Therefore, a call with nmemb greater than INT_MAX is possible.
> >
> > Internally the code uses the *int* type to iterate through the number of
> > members, which makes overflow possible.
>
> I traced this back to commit bfa2cee (v14), which both moved bsearch_arg()
> to its current location and adjusted the style a bit. Your patch looks
> reasonable to me.
>

Thanks for looking.

best regards,
Ranier Vilela
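
Added example, not part of the thread and not PostgreSQL's code or the patch under discussion: a binary search with the signature quoted above that keeps its remaining-element count in size_t, next to a helper showing what an int counter would start from for a large nmemb. The names bsearch_arg_sz, narrowed_start and cmp_int_dir, the sample array, and the 32-bit int width are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value a 32-bit int counter holds after "lim = nmemb", assuming the usual
 * modulo-2^32 narrowing (computed arithmetically, without relying on it). */
static long long narrowed_start(size_t nmemb)
{
    uint32_t low = (uint32_t)nmemb;
    return low > INT32_MAX ? (long long)low - 4294967296LL : (long long)low;
}

/* Hypothetical variant: same signature as the quoted bsearch_arg(), but the
 * remaining-element count stays in size_t, so nmemb is never narrowed. */
static void *bsearch_arg_sz(const void *key, const void *base0,
                            size_t nmemb, size_t size,
                            int (*compar)(const void *, const void *, void *),
                            void *arg)
{
    const char *base = (const char *)base0;

    for (size_t lim = nmemb; lim != 0; lim >>= 1) {
        const void *p = base + (lim >> 1) * size;
        int cmp = compar(key, p, arg);
        if (cmp == 0)
            return (void *)p;
        if (cmp > 0) {              /* key sorts after p: search right half */
            base = (const char *)p + size;
            lim--;
        }                           /* else: search left half */
    }
    return NULL;
}

/* Constructed comparator: arg points to +1 (ascending) or -1 (descending). */
static int cmp_int_dir(const void *a, const void *b, void *arg)
{
    int x = *(const int *)a, y = *(const int *)b, dir = *(const int *)arg;
    return dir * ((x > y) - (x < y));
}

static int desc[] = {9, 7, 5, 3, 1}, dir = -1;   /* constructed sample */

int main(void)
{
    int key = 3;
    int *hit = bsearch_arg_sz(&key, desc, 5, sizeof desc[0], cmp_int_dir, &dir);
    printf("found index %td\n", hit ? hit - desc : (ptrdiff_t)-1);
    printf("int counter for nmemb=2^31: %lld\n", narrowed_start((size_t)1 << 31));
    return 0;
}
```

With an int counter, the first nmemb above INT_MAX already yields a negative starting value, so the midpoint offset computed from it points before the array.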