Re: Avoid possible overflow (src/port/bsearch_arg.c)

Em seg., 28 de out. de 2024 às 09:13, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
escreveu:

> On 09/10/2024 19:16, Ranier Vilela wrote:
> > Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart
> > <nathandbossart(at)gmail(dot)com <mailto:nathandbossart(at)gmail(dot)com>> escreveu:
> >
> > On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote:
> > > The port function *bsearch_arg* mimics the C function
> > > *bsearch*.
> > >
> > > The API signature is:
> > > void *
> > > bsearch_arg(const void *key, const void *base0,
> > > size_t nmemb, size_t size,
> > > int (*compar) (const void *, const void *, void *),
> > > void *arg)
> > >
> > > So, the parameter *nmemb* is size_t.
> > > Therefore, a call with nmemb greater than INT_MAX is possible.
> > >
> > > Internally the code uses the *int* type to iterate through the
> > number of
> > > members, which makes overflow possible.
> >
> > I traced this back to commit bfa2cee (v14), which both moved
> > bsearch_arg()
> > to its current location and adjusted the style a bit. Your patch
> looks
> > reasonable to me.
> >
> > Thanks for looking.
>
> Committed, thanks.
>
Thank you.

>
> Based on the original discussion on bfa2cee, I couldn't figure out where
> exactly this new bsearch implementation originated from, but googling
> around, probably *BSD or libiberty. Tomas, do you remember? Not that it
> matters, but I'm curious.
>
> Some of those other implementations have fixed this, others have not.
> And they all seem to also have the "involes" typo in the comment that we
> fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this
> fix to those other projects too.
>
Sure, I can try.

best regards,
Ranier Vilela