Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOWvS+2BrX2qM+JwSYO-hGbSFJ8Dbkjg_ef3nfboc8c5Q=UmgQ@mail.gmail.com>
Date: Sat, 2 Dec 2023 10:42:11 +0900
From: Anuraag Agrawal <anuraaga@...il.com>
To: Markus Wichmann <nullplan@....net>
Cc: musl@...ts.openwall.com
Subject: Re: Large overflow in __intscan ignored

Hello,

Thanks for checking and very sorry for the noise, I didn't read the loop
condition correctly. I am using Webassembly so the issue must be specific
to it somehow. I will report on wasi-libc to follow up.

Thanks,

On Sat, Dec 2, 2023, 01:21 Markus Wichmann <nullplan@....net> wrote:

> Am Fri, Dec 01, 2023 at 02:08:54PM +0900 schrieb Anuraag Agrawal:
> > Currently, __intscan, used by functions like strtol, does not seem to
> check
> > for overflow during multiplication.
> >
> > https://git.musl-libc.org/cgit/musl/tree/src/internal/intscan.c#n69
> >
>
> There is no multiplication in the referenced line. Assuming you mean the
> one above it, the loop condition checks that neither the multiplication
> nor the addition can overflow. The same holds for the loop on lines 79f.
>
> As far as I can tell, this has been the case since the first version of
> this code was checked in in 2012.
>
> Ciao,
> Markus
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.