Re: ntdll: Protect RtlAllocateHeap and RtlReAllocateHeap against integer overflows with large values of size.
On Friday 18 May 2007 04:01:19 am Robert Shearman wrote:
> + ULONGLONG llret = (ULONGLONG)a + b; + if ((sizeof(SIZE_T) sizeof(ULONGLONG)) (llret 0x)) + return FALSE;

Wouldn't this be more correct (as well as function when sizeof(SIZE_T) = sizeof(ULONGLONG)):

SIZE_T res = a + b;
return (res >= a);
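Review bot: the `if` test after `ULONGLONG llret = (ULONGLONG)a + b;` can only detect overflow when ULONGLONG is wider than SIZE_T, which is why it has to compare `sizeof(SIZE_T)` with `sizeof(ULONGLONG)` first; where the two types have the same width, the widened sum wraps exactly as the SIZE_T sum would and the test cannot see it. Suggest a width-independent test on the SIZE_T sum itself, plus a short comment stating what a FALSE return means to the caller.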
Re: ntdll: Protect RtlAllocateHeap and RtlReAllocateHeap against integer overflows with large values of size.
Chris Robinson wrote:
> On Friday 18 May 2007 04:01:19 am Robert Shearman wrote:
> > +ULONGLONG llret = (ULONGLONG)a + b; +if ((sizeof(SIZE_T) sizeof(ULONGLONG)) (llret 0x)) +return FALSE;
>
> Wouldn't this be more correct (as well as function when sizeof(SIZE_T) = sizeof(ULONGLONG)):
>
> SIZE_T res = a + b;
> return (res >= a);

An example that would break using your logic: 2 + (-1)

-- 
Rob Shearman
Re: ntdll: Protect RtlAllocateHeap and RtlReAllocateHeap against integer overflows with large values of size.
On Friday 18 May 2007 05:12:30 am you wrote:
> An example that would break using your logic: 2 + (-1)

SIZE_T (if it follows standard size_t) is unsigned, though. Adding a negative wouldn't be possible.
Re: ntdll: Protect RtlAllocateHeap and RtlReAllocateHeap against integer overflows with large values of size.
Chris Robinson wrote:
> On Friday 18 May 2007 05:12:30 am you wrote:
> > An example that would break using your logic: 2 + (-1)
>
> SIZE_T (if it follows standard size_t) is unsigned, though. Adding a negative wouldn't be possible.

Yes, you're right. The second parameter should probably be SSIZE_T.

-- 
Rob Shearman
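The two checks discussed in this thread, written out as an added example (not code from the patch or from Wine): the unsigned wraparound test on the sum, and a signed-delta variant covering the `2 + (-1)` case. The names `add_size_checked` and `add_delta_checked` are hypothetical, and standard `size_t`/`ptrdiff_t` stand in for `SIZE_T`/`SSIZE_T`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: unsigned add that reports wraparound.
 * Works for any width of size_t, with no wider type needed. */
static bool add_size_checked(size_t a, size_t b, size_t *out)
{
    size_t res = a + b;   /* unsigned add wraps modulo SIZE_MAX + 1 */
    if (res < a)          /* wrapped: the true sum exceeded SIZE_MAX */
        return false;
    *out = res;
    return true;
}

/* Hypothetical variant with a signed second operand (ptrdiff_t stands in
 * for SSIZE_T), so that "2 + (-1)" is a valid request yielding 1. */
static bool add_delta_checked(size_t a, ptrdiff_t delta, size_t *out)
{
    if (delta >= 0)
        return add_size_checked(a, (size_t)delta, out);
    /* Magnitude of a negative delta, computed in unsigned arithmetic
     * so that PTRDIFF_MIN does not trigger signed overflow. */
    size_t mag = (size_t)0 - (size_t)delta;
    if (mag > a)
        return false;     /* result would be below zero */
    *out = a - mag;
    return true;
}

int main(void)
{
    size_t r = 0;
    /* Constructed inputs. With unsigned operands, -1 converts to SIZE_MAX,
     * so 2 + (-1) wraps to 1 and is reported as an overflow. */
    printf("unsigned 2 + (size_t)-1: %s\n",
           add_size_checked(2, (size_t)-1, &r) ? "ok" : "overflow");
    /* With a signed delta the same request succeeds and yields 1. */
    if (add_delta_checked(2, -1, &r))
        printf("signed   2 + (-1) = %zu\n", r);
    printf("SIZE_MAX + 1: %s\n",
           add_size_checked(SIZE_MAX, 1, &r) ? "ok" : "overflow");
    return 0;
}
```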