Em seg., 28 de out. de 2024 às 09:13, Heikki Linnakangas <hlinn...@iki.fi> escreveu:
> On 09/10/2024 19:16, Ranier Vilela wrote: > > Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart > > <nathandboss...@gmail.com <mailto:nathandboss...@gmail.com>> escreveu: > > > > On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote: > > > The port function *bsearch_arg* mimics the C function > > > *bsearch*. > > > > > > The API signature is: > > > void * > > > bsearch_arg(const void *key, const void *base0, > > > size_t nmemb, size_t size, > > > int (*compar) (const void *, const void *, void *), > > > void *arg) > > > > > > So, the parameter *nmemb* is size_t. > > > Therefore, a call with nmemb greater than INT_MAX is possible. > > > > > > Internally the code uses the *int* type to iterate through the > > number of > > > members, which makes overflow possible. > > > > I traced this back to commit bfa2cee (v14), which both moved > > bsearch_arg() > > to its current location and adjusted the style a bit. Your patch > looks > > reasonable to me. > > > > Thanks for looking. > > Committed, thanks. > Thank you. > > Based on the original discussion on bfa2cee, I couldn't figure out where > exactly this new bsearch implementation originated from, but googling > around, probably *BSD or libiberty. Tomas, do you remember? Not that it > matters, but I'm curious. > > Some of those other implementations have fixed this, others have not. > And they all seem to also have the "involes" typo in the comment that we > fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this > fix to those other projects too. > Sure, I can try. best regards, Ranier Vilela
