Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > gnu.bash.bug > #11371

Re: Integer Overflow in braces

From Chet Ramey <chet.ramey@case.edu>
Newsgroups gnu.bash.bug
Subject Re: Integer Overflow in braces
Date 2015-08-18 10:37 -0400
Message-ID <mailman.8534.1439908681.904.bug-bash@gnu.org> (permalink)
References <CABq52TYThGj9OtBn3xTti5scmA=WdnS7ULw3G6GMayPK6WR0+w@mail.gmail.com> <5768562.ErHXazUaoC@smorgbox> <20150818130433.GF4309@eeg.ccf.org> <1558903.maOEY5AuEr@smorgbox>

Show all headers | View raw

On 8/18/15 9:12 AM, Dan Douglas wrote:

> Actually I think I spoke too soon. There's already some considerable logic in 
> braces.c to check for overflow (e.g. around braces.c:390 shortly after 
> declaration of the int). Looks like there were some changes in this code last 
> year to "beef it up" a bit. (see commit 
> 67440bc5959a639359bf1dd7d655915bf6e9e7f1). I suspect this is probably fixed in 
> devel.

Well, `fixed' is a tricky thing.  There is code in bash-4.4 to use malloc
instead of xmalloc -- which just aborts on failure -- but there is only so
much you can do to protect someone from himself.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

Back to gnu.bash.bug | Previous | Next | Find similar

Thread

Re: Integer Overflow in braces Chet Ramey <chet.ramey@case.edu> - 2015-08-18 10:37 -0400

csiph-web