From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: macro conflict
Date: 24 Aug 2001 18:20:19 GMT
Message-ID: <9m65t3$410$1@abraham.cs.berkeley.edu>
In-Reply-To: <14764.998658214@redhat.com> <Pine.LNX.3.95.1010824091538.32666A-100000@chaos.analogic.com>

Richard B. Johnson wrote:
>Looking through the code, min() is most always used to find some value
>that will not overflow some buffer, i.e.,
>
>    len = min(user_request_len, sizeof(buffer));
>
>The problem is that sizeof() returns an unsigned int (size_t), and the
>user request length may be an integer. Everything works fine until
>you get to lengths with the high bit set. Then, you are in trouble.
>
>In this case, you could have a 'min()' that does:
>
>#define min(a,b) ((unsigned long)(a) < (unsigned long)(b) ? (a) : (b))
>
>... where the comparison (only) is made unsigned, and you keep the
>original values. This should work, perhaps in all the current uses.

Just a small warning:  If anyone writes something like
    int len = min(user_request_len, sizeof(buffer));
    if (user_request_len > len)
        goto fail;
    memcpy(dst, user_src, len);
they can get into trouble even with your min() macro.
Ok, maybe this is crazy code that no one in their right
mind would ever write.

This is not intended as a criticism -- your approach may be
sufficient for existing code -- but it is something to watch
out for.
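As an added illustration (not part of the thread, and not code from any of its participants), the three behaviours discussed above side by side in C, plus a hardened variant of my own: the plain int/int min() that lets a negative length through, the unsigned-comparison macro from the quoted message, the clamp-then-check pattern from the reply, and a version that rejects a sign-bit-set request before clamping. The buffer, the macro names and the sample request lengths are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A fixed-size destination, as in the thread's "sizeof(buffer)" example.
 * Constructed for this demonstration. */
static char buffer[16];

/* Plain min(): C's usual arithmetic conversions apply to the comparison,
 * and the operand types decide what comes back. */
#define NAIVE_MIN(a, b) ((a) < (b) ? (a) : (b))

/* The macro proposed in the quoted message: only the comparison is made
 * unsigned, the original operand is returned. Wrapped in parentheses here
 * so it expands safely inside larger expressions. */
#define UMIN(a, b) ((unsigned long)(a) < (unsigned long)(b) ? (a) : (b))

/* Case 1: both sides are int. A request with the sign bit set is simply
 * "smaller" than the buffer and comes back unchanged: -1 stays -1, and a
 * later memcpy(dst, src, (size_t)-1) would copy a huge amount. */
long naive_len_int(int user_request_len)
{
    int buf_len = (int)sizeof(buffer);
    return NAIVE_MIN(user_request_len, buf_len);
}

/* Case 2: the unsigned-comparison macro. (unsigned long)-1 is ULONG_MAX,
 * so the buffer size wins and the copy is bounded by the buffer. */
long umin_len(int user_request_len)
{
    return (long)UMIN(user_request_len, sizeof(buffer));
}

/* Case 3: the pattern David Wagner warns about. The clamp bounds the copy,
 * but the follow-up "request larger than len" check never fires for a
 * negative request, so the caller proceeds as if the request were valid.
 * Returns 1 when the request would be accepted, 0 when it would "goto fail". */
int wagner_check_accepts(int user_request_len)
{
    int len = (int)UMIN(user_request_len, sizeof(buffer));
    if (user_request_len > len)
        return 0;   /* goto fail */
    return 1;       /* memcpy(dst, user_src, len) would run */
}

/* Case 4: the defensive shape (an addition, not from the thread): reject a
 * negative request before any clamping, then compare in one explicit
 * unsigned type. Returns the byte count to copy, or -1 on rejection
 * (over-long requests are rejected, matching the reply's goto-fail intent). */
long checked_len(int user_request_len)
{
    if (user_request_len < 0)
        return -1;
    size_t req = (size_t)user_request_len;
    if (req > sizeof(buffer))
        return -1;
    return (long)req;
}

int main(void)
{
    const int requests[] = { 8, 100, -1 };   /* constructed sample inputs */
    size_t i;

    printf("%8s %10s %9s %11s %12s\n",
           "request", "naive_int", "umin", "wagner_ok", "checked");
    for (i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        int r = requests[i];
        printf("%8d %10ld %9ld %11d %12ld\n", r,
               naive_len_int(r), umin_len(r),
               wagner_check_accepts(r), checked_len(r));
    }
    return 0;
}
```

The row for request -1 is the one to watch: the int/int min() returns -1, the unsigned macro returns 16, the clamp-then-check pattern accepts the request, and only the explicit sign check rejects it.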

Thread overview: 22+ messages
2001-08-23 19:03 macro conflict J. Imlay
2001-08-23 19:21 ` Alan Cox
2001-08-23 19:34 ` Tim Walberg
2001-08-23 20:01   ` Alan Cox
2001-08-23 20:02   ` raybry
2001-08-23 20:16     ` Magnus Naeslund(f)
2001-08-23 20:27       ` Alan Cox
2001-08-23 20:29         ` Magnus Naeslund(f)
2001-08-23 23:18       ` Andrew Cannon
2001-08-23 23:37         ` Magnus Naeslund(f)
2001-08-23 23:35       ` Roman Zippel
2001-08-24  1:42     ` Camiel Vanderhoeven
2001-08-24 13:03 ` David Woodhouse
2001-08-24 13:15   ` Keith Owens
2001-08-24 13:17     ` David Woodhouse
2001-08-24 14:20       ` Bill Pringlemeir
2001-08-24 21:17         ` Roman Zippel
2001-08-24 13:34   ` Richard B. Johnson
2001-08-24 18:20     ` David Wagner [this message]
2001-08-24 17:25   ` Alex Bligh - linux-kernel
2001-08-24 17:34   ` David Woodhouse
2001-08-24 18:12     ` Bill Pringlemeir
