Your message dated Thu, 24 Apr 2014 17:55:51 +0200
with message-id <[email protected]>
and subject line glibc: possible signed integer overflow in libio/iogetdelim.c
has caused the Debian Bug report #517714,
regarding glibc: possible signed integer overflow in libio/iogetdelim.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
517714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517714
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libc6
Version: 2.9-3
Severity: minor
An excerpt from gcc manual page:
-fstrict-overflow
Allow the compiler to assume strict signed overflow rules, depending
on the language being compiled. For C (and C++) this means that
overflow when doing arithmetic with signed numbers is undefined, which
means that the compiler may assume that it will not happen.
[...]
When this option is in effect any attempt to determine whether an
operation on signed numbers will overflow must be written carefully to
not actually involve overflow.
[...]
The -fstrict-overflow option is enabled at levels -O2, -O3, -Os.
(Note that glibc is compiled with -O2 in Debian.)
I guess the following code snippet from libio/iogetdelim.c could serve
as an example how *not* to write code, when this option is turned on:
if (__builtin_expect (cur_len + len + 1 < 0, 0))
{
__set_errno (EOVERFLOW);
result = -1;
goto unlock_return;
}
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
fixed 517714 eglibc/2.17-0experimental0
stop
See https://sourceware.org/bugzilla/show_bug.cgi?id=9914#c12
--
Stéphane Aulery
--- End Message ---
