From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
---|---|
To: | Mats Kindahl <mats(at)timescale(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: glibc qsort() vulnerability |
Date: | 2024-02-12 15:57:15 |
Message-ID: | 20240212155715.GB1645880@nathanxps13 |
Lists: | pgsql-hackers |
On Sun, Feb 11, 2024 at 03:44:42PM +0100, Mats Kindahl wrote:
> On Sat, Feb 10, 2024 at 9:53 PM Nathan Bossart <nathandbossart(at)gmail(dot)com>
> wrote:
>> and I think we should expand on some of the commentary in int.h.
>> For example, the comment at the top of int.h seems very tailored to the
>> existing functions and should probably be adjusted.
>
>
> I rewrote the beginning to the following, does that look good?
>
> * int.h
> * Routines to perform signed and unsigned integer arithmetics, including
> * comparisons, in an overflow-safe way.
>
>
>
>> And the "comparison
>> routines for integers" comment might benefit from some additional details
>> about the purpose and guarantees of the new functions.
>>
>
> I expanded that into the following. WDYT?
>
> /*------------------------------------------------------------------------
> * Comparison routines for integers.
> *
> * These routines are used to implement comparison functions for, e.g.,
> * qsort(). They are designed to be efficient and not risk overflows in
> * internal computations that could cause strange results, such as INT_MIN >
> * INT_MAX if you just return "lhs - rhs".
> *------------------------------------------------------------------------
LGTM. I might editorialize a bit before committing, but I think your
proposed wording illustrates the thrust of the change.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
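
An added example (not code from this thread or from PostgreSQL's int.h) of the failure the proposed comment describes: the "lhs - rhs" idiom beside a comparison-based form, each checked pairwise against the true ordering of a few constructed values. All function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample values that include both extremes. */
static const int32_t SAMPLE[] = { INT32_MIN, -1, 0, 1, INT32_MAX };
#define NSAMPLE (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* "Before": sign of lhs - rhs. Done in uint32_t so the wraparound is well
 * defined in this demo; the same subtraction on plain int is undefined. */
int cmp_subtract(int32_t lhs, int32_t rhs) {
    uint32_t d = (uint32_t) lhs - (uint32_t) rhs;
    return d == 0 ? 0 : (d & UINT32_C(0x80000000)) ? -1 : 1;
}

/* "After": two comparisons, no arithmetic that can overflow. */
int cmp_safe(int32_t lhs, int32_t rhs) {
    return (lhs > rhs) - (lhs < rhs);
}

/* Count ordered pairs of SAMPLE where cmp disagrees with the true order. */
int count_wrong_pairs(int (*cmp)(int32_t, int32_t)) {
    int wrong = 0;
    for (size_t i = 0; i < NSAMPLE; i++)
        for (size_t j = 0; j < NSAMPLE; j++)
            wrong += cmp(SAMPLE[i], SAMPLE[j]) !=
                     (SAMPLE[i] > SAMPLE[j]) - (SAMPLE[i] < SAMPLE[j]);
    return wrong;
}

/* qsort() adapter, for the safe comparator only. */
int qsort_cmp_safe(const void *a, const void *b) {
    return cmp_safe(*(const int32_t *) a, *(const int32_t *) b);
}

/* Sort a shuffled copy of the samples; return 1 if the result is ascending. */
int sorts_correctly(void) {
    int32_t v[] = { 1, INT32_MAX, -1, INT32_MIN, 0 };
    qsort(v, NSAMPLE, sizeof(v[0]), qsort_cmp_safe);
    for (size_t i = 1; i < NSAMPLE; i++)
        if (v[i - 1] > v[i]) return 0;
    return 1;
}

int main(void) {
    printf("subtract: %d wrong, safe: %d wrong, sorted: %d\n",
           count_wrong_pairs(cmp_subtract), count_wrong_pairs(cmp_safe), sorts_correctly());
    return 0;
}
```

The subtracting comparator is deliberately never passed to qsort() here: its answers are not a consistent ordering, so only the pairwise check exercises it.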