On Mon, Jan 11, 2010 at 02:29:03PM +1100, Bruce Evans wrote: > calloc() has the same overflow bug, if any. Standards seem to require > fread and calloc to work even if the multiplication would occur, though > they cannot work in most cases where the multiplication would occur, > even if the overflow is avoided.
Well, calloc on any BSD supported architecture can not allocate more than SIZE_MAX (or SIZE_MAX itself). There is an error defined for that. fread and fwrite will access invalid addressses, so doing nothing would be a correct implementation of "undefined". Cutting it off at SIZE_MAX/size seems silly as it would give the same behavior. Frankly, I would just back this out and let the application hit the wall... Joerg _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
