Martin Pitt <[EMAIL PROTECTED]> wrote:

> Hi Florian, hi Frank!
>
> Frank Küster [2005-12-08 22:55 +0100]:
>> Florian Weimer <[EMAIL PROTECTED]> wrote:
>> > By the way, the gmallocn function suffers from undefined integer
>> > overflow, too:
>> >
>> > void *gmallocn(int nObjs, int objSize) {
>> >   int n;
>> >
>> >   n = nObjs * objSize;
>> >   if (objSize == 0 || n / objSize != nObjs) {
>> >     fprintf(stderr, "Bogus memory allocation size\n");
>> >     exit(1);
>> >   }
>> >   return gmalloc(n);
>> > }
>>
>> What's the problem here? That the value in "n" is undefined, and
>> therefore the comparison n / objSize != nObjs is undefined, too?
>
> n is not 'undefined' here. For every given nObjs and objSize input, it
> always gets the same well-defined value.
>
> We can assume that objSize is a small positive number, since it is not
> user defined (just a sizeof value). The function works correctly for
> positive number of nObjs (both valid and invalid),

But what if nObjs * objSize is larger than fits into an int?

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
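
The case asked about above, as an added example that is not part of the original thread: in the quoted gmallocn the multiplication runs before the check, so the check can instead test the range by division first. The names `checked_alloc_size` and `gmallocn_checked` are hypothetical, and `malloc` stands in for `gmalloc`, which the thread does not show.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns nObjs * objSize if the product fits in an int, or -1 if the
 * request is bogus. The range test divides instead of multiplying, so no
 * signed multiplication that could overflow is ever evaluated. */
int checked_alloc_size(int nObjs, int objSize) {
  if (nObjs < 0 || objSize <= 0)
    return -1;                 /* negative count, zero or negative size */
  if (nObjs > INT_MAX / objSize)
    return -1;                 /* product would exceed INT_MAX */
  return nObjs * objSize;      /* known to be in range here */
}

/* Hypothetical checked variant of gmallocn from the thread. malloc stands
 * in for gmalloc, which the thread does not show (assumption). */
void *gmallocn_checked(int nObjs, int objSize) {
  int n = checked_alloc_size(nObjs, objSize);
  if (n < 0) {
    fprintf(stderr, "Bogus memory allocation size\n");
    exit(1);
  }
  return malloc((size_t)n);
}

int main(void) {
  /* Constructed inputs around the INT_MAX boundary for a 4-byte object. */
  int counts[] = {0, 10, INT_MAX / 4, INT_MAX / 4 + 1, INT_MAX, -1};
  for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
    printf("nObjs=%d objSize=4 -> %d\n", counts[i],
           checked_alloc_size(counts[i], 4));
  return 0;
}
```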