Message-ID: <ZWoIGGT49V-21l0d@voyager>
Date: Fri, 1 Dec 2023 17:21:44 +0100
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Cc: Anuraag Agrawal <anuraaga@...il.com>
Subject: Re: Large overflow in __intscan ignored

On Fri, Dec 01, 2023 at 02:08:54PM +0900, Anuraag Agrawal wrote:
> Currently, __intscan, used by functions like strtol, does not seem to check
> for overflow during multiplication.
>
> https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69
>

There is no multiplication in the referenced line. Assuming you mean the
one above it, the loop condition checks that neither the multiplication
nor the addition can overflow. The same holds for the loop on lines 79f.

As far as I can tell, this has been the case since the first version of
this code was checked in in 2012.

Ciao,
Markus
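
The guard-in-the-loop-condition pattern the reply describes, as an added example that is not part of the original message and is not musl's `__intscan` code. The names `digit`, `scan_u64_unchecked`, `scan_u64_dec` and `enum scan_status` are hypothetical, and the input string is constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum scan_status { SCAN_OK, SCAN_NO_DIGITS, SCAN_OVERFLOW };

/* Value of c as a decimal digit; anything >= 10 means "not a digit". */
static unsigned digit(char c) { return (unsigned)(unsigned char)c - '0'; }

/* Unguarded accumulation: unsigned arithmetic wraps silently mod 2^64. */
static uint64_t scan_u64_unchecked(const char *s)
{
    uint64_t y = 0;
    for (; digit(*s) < 10U; s++)
        y = 10 * y + digit(*s);
    return y;
}

/* Guarded accumulation (hypothetical helper, not musl's __intscan).
 * The loop condition proves each step safe before the body runs:
 *   y <= UINT64_MAX/10        so 10*y cannot wrap
 *   10*y <= UINT64_MAX - d    so 10*y + d cannot wrap
 * && short-circuits, so 10*y is only evaluated after the first test passed. */
static enum scan_status scan_u64_dec(const char *s, uint64_t *out)
{
    const char *p = s;
    uint64_t y = 0;
    for (; digit(*p) < 10U && y <= UINT64_MAX / 10
           && 10 * y <= UINT64_MAX - digit(*p); p++)
        y = 10 * y + digit(*p);
    *out = y;
    if (p == s)
        return SCAN_NO_DIGITS;
    if (digit(*p) < 10U) {      /* stopped on a digit: a guard failed */
        *out = UINT64_MAX;      /* saturate, as strtoull does on ERANGE */
        return SCAN_OVERFLOW;
    }
    return SCAN_OK;
}

int main(void)
{
    const char *in = "18446744073709551616";   /* constructed: 2^64 */
    uint64_t v;
    enum scan_status st = scan_u64_dec(in, &v);
    printf("unchecked=%llu guarded status=%d value=%llu\n",
           (unsigned long long)scan_u64_unchecked(in), (int)st,
           (unsigned long long)v);
    return 0;
}
```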
