#468 may be undefined behaver on integer overflow

Platform Specific
open-postponed
None
5
2012-03-03
2008-12-09
NikeL
No

Hi,

I think in lib/xmlparse.c Revision 1.162 on line 2572
my occur integer overflow on x86_64 platform, cause int < sizeof(void*). There should be used size_t, i think.

Discussion

  • Karl Waclawek

    Karl Waclawek - 2009-01-18

    In Expat, pointer differences are basically always cast to int.
    It is extremely unlikely that this would cause an overflow, as Expat breaks the input buffer into chunks according to boundaries it recognizes, like line-breaks, entity references, tag delimiters, etc.
    Also, the input functions allow only int for specifying text lengths.

    Technically, it might be possible to construct some input that might cause an overflow, like an element name that is 2^33 characters long.

    Not sure if it makes sense to do anything about it, as it would probably require us to change all ints to (64bit) longs and maybe also break the interface.

     
  • Karl Waclawek

    Karl Waclawek - 2012-03-03
    • assigned_to: nobody --> kwaclaw
    • status: open --> open-postponed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks