Hi,

On 14 August 2013 16:17, Raphael Geissert <geiss...@debian.org> wrote:
> Looking at your fix in c4d4e0478, I'd look into fixing it in a way
> that doesn't imply that integers overflow, as that's undefined
> behavior and can be optimised away by compilers. None of the
> instructions can actually decrease j, so j + 1 can never be <= 0 if
> integers don't overflow.
> Wouldn't it be better to just set a limit to j that is checked while
> calculating the amount of memory that is needed, and that is lower
> enough than INT_MAX that performing one more iteration won't overflow
> it?

Attached patch does something like the above and performs a check on the value of i, which I believe can be made to point past the end of the buffer.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
0001-Don-t-rely-on-the-behaviour-of-signed-integer-overfl.patch
Description: Binary data
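To illustrate the point made in the thread, here is an added example (written for this page, not the attached patch or the project's own code) contrasting a check that relies on signed wraparound with one that caps the counter below INT_MAX; the instruction stream, count_steps() and J_LIMIT are hypothetical stand-ins for the code under discussion.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical cap on the counter j, far enough below INT_MAX that
 * j + 1 is always a defined operation, even after one more iteration. */
#define J_LIMIT (INT_MAX / 2)

/* The pattern criticised in the mail: this only "works" if j wraps
 * around, which is undefined behaviour for signed int. Since nothing in
 * the loop decreases j, an optimising compiler may assume j + 1 > 0
 * always holds and delete the test entirely. Never call it with
 * j == INT_MAX; it exists here only to show the shape of the bug. */
static int overflow_check_via_wraparound(int j)
{
    return (j + 1 <= 0);
}

/* Hardened form: compare against the limit *before* incrementing, so
 * no signed arithmetic can ever overflow. */
static int counter_would_exceed_limit(int j)
{
    return j >= J_LIMIT;
}

/* Hypothetical instruction stream: each byte is an opcode and opcode 1
 * means "advance j". count_steps() walks exactly n bytes (so i can never
 * point past the buffer), bumps j, and returns -1 instead of letting j
 * run past J_LIMIT. This mirrors "check the limit while calculating the
 * amount of memory needed" rather than detecting overflow after the fact. */
int count_steps(const unsigned char *instr, size_t n, int j_start)
{
    int j = j_start;
    for (size_t i = 0; i < n; i++) {          /* i bounded by n */
        if (instr[i] == 1) {
            if (counter_would_exceed_limit(j))
                return -1;                    /* refuse, do not overflow */
            j++;
        }
    }
    return j;
}

/* Constructed sample stream: three "advance" opcodes and one no-op. */
static const unsigned char sample_instr[] = { 1, 1, 0, 1 };

int count_sample_steps(void)
{
    return count_steps(sample_instr, sizeof sample_instr, 0);  /* 3 */
}
```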