>>>>> On 2007-04-06 15:35 PDT, J C Pizarro writes:

J> A possible workaround could be it but it's vulnerable if
J> it's defined with -DNDEBUG :
J>
J> #include <cassert>
J> #include <climits>
J> #include <cstddef>
J> #include <new>
J>
J> int * allocate_int(size_t n) {
J>     // it's another integer overflow, a positive can
J>     // become negative.
J>     // n=1073741823 (0x3FFFFFFF) => n*4=-4 (0xFFFFFFFC)
J>     // return (int*) operator new[](-4); !!! it's easy for
J>     // buffer overflow.
J>     assert(0 <= (4 * n));
J>     // it's an assert against your integer overflow.
J>     assert((4ULL * n) <= ULONG_MAX);
J>     return (int*) operator new[](4 * n);
J> }

Good points. Regarding negatives, I believe 'operator new' takes a size_t, which is unsigned, but if it were signed, the multiplication would indeed be in danger of creating a negative.

If possible, I would prefer a solution that's built-in to operator new. I was thinking it should be implemented when code is generated, for example using jc/jo/seto on i386.

-- Karl 2007-04-06 15:41
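The following is an added example, not code from either poster: it shows the overflow check the quoted `allocate_int` is reaching for, written as a real conditional rather than an `assert` so that `-DNDEBUG` cannot strip it. The function names (`would_overflow`, `allocate_int_checked`, `wrapped_byte_count_32`, `checked_alloc_throws`) are my own. The `__builtin_mul_overflow` path is the GCC/Clang builtin that compiles to the flag tests Karl mentions; a division-based fallback is used elsewhere.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <new>

// True if n * elem_size does not fit in size_t, i.e. the byte count
// handed to operator new[] would silently wrap to a small value.
bool would_overflow(std::size_t n, std::size_t elem_size) {
    if (elem_size == 0) return false;
    return n > std::numeric_limits<std::size_t>::max() / elem_size;
}

// Same check using the compiler's overflow builtin where available; on
// x86 this becomes a multiply followed by a test of the carry/overflow
// flag. Writes the product to *out when no overflow occurred.
bool mul_bytes(std::size_t n, std::size_t elem_size, std::size_t* out) {
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_mul_overflow(n, elem_size, out);
#else
    if (would_overflow(n, elem_size)) return true;
    *out = n * elem_size;
    return false;
#endif
}

// Overflow-safe counterpart of the quoted allocate_int(): the check is an
// ordinary branch, so it survives -DNDEBUG, and a wrapped byte count is
// never passed to operator new[].
int* allocate_int_checked(std::size_t n) {
    std::size_t bytes = 0;
    if (mul_bytes(n, sizeof(int), &bytes))
        throw std::bad_array_new_length();  // derives from std::bad_alloc
    return static_cast<int*>(::operator new[](bytes));
}

// Reproduces the wrap described in the quoted comment with an explicit
// 32-bit type, so the result is the same on 64-bit hosts:
// 0x3FFFFFFF * 4 == 0xFFFFFFFC (unsigned wrap is well-defined).
std::uint32_t wrapped_byte_count_32(std::uint32_t n) {
    return n * 4u;
}

// Helper for exercising the checked allocator: true if the request was
// rejected, false if it succeeded (the memory is released again).
bool checked_alloc_throws(std::size_t n) {
    try {
        int* p = allocate_int_checked(n);
        ::operator delete[](p);
        return false;
    } catch (const std::bad_alloc&) {
        return true;
    }
}

int main() {
    // Constructed inputs: a small request succeeds, a request that would
    // wrap on every platform is rejected before reaching operator new[].
    const std::size_t huge = std::numeric_limits<std::size_t>::max() / 2;
    return (checked_alloc_throws(huge) && !checked_alloc_throws(16)) ? 0 : 1;
}
```

The key difference from the quoted version is that `would_overflow` compares against `SIZE_MAX / sizeof(int)` instead of relying on the product itself; once the multiplication has wrapped, no test on its result can recover the information, and an `assert` on it disappears entirely in a release build.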