[Expat-bugs] [ expat-Bugs-2412451 ] may be undefined behavior on integer overflow

SourceForge.net noreply at sourceforge.net
Sun Jan 18 16:54:51 CET 2009


Bugs item #2412451, was opened at 2008-12-09 15:38
Message generated for change (Comment added) made by kwaclaw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=2412451&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Platform Specific
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: NikeL (gelenberg)
Assigned to: Nobody/Anonymous (nobody)
Summary: may be undefined behavior on integer overflow

Initial Comment:
Hi,

I think in lib/xmlparse.c Revision 1.162, on line 2572,
an integer overflow may occur on the x86_64 platform, because int < sizeof(void*). size_t should be used there, I think.

----------------------------------------------------------------------

>Comment By: Karl Waclawek (kwaclaw)
Date: 2009-01-18 10:54

Message:
In Expat, pointer differences are basically always cast to int.
It is extremely unlikely that this would cause an overflow, as Expat
breaks the input buffer into chunks according to boundaries it recognizes,
like line-breaks, entity references, tag delimiters, etc.
Also, the input functions allow only int for specifying text lengths.

Technically, it might be possible to construct some input that might cause
an overflow, like an element name that is 2^33 characters long.

Not sure if it makes sense to do anything about it, as it would probably
require us to change all ints to (64bit) longs and maybe also break the
interface.


----------------------------------------------------------------------
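The comment above describes Expat's habit of casting pointer differences to int, and notes that only a pathological input (an element name around 2^33 bytes long on a 64-bit build) could make such a cast truncate. The following C snippet is an added illustration, not Expat's code and not from the bug submitter or Karl Waclawek: it shows the difference between an unchecked narrowing and a checked one that refuses a ptrdiff_t value that does not fit in a non-negative int. The names checked_ptrdiff_to_int, span_len and unchecked_narrow are hypothetical, and the 2^33 value is only materialised on platforms where ptrdiff_t is wider than int.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The value mentioned in the comment (2^33). The shift would be undefined on a
 * platform where ptrdiff_t is only 32 bits wide, so fall back to PTRDIFF_MAX
 * there; the preprocessor comparison below is evaluated in intmax_t and is
 * therefore safe on both. (Hypothetical constant, not from Expat.) */
#if PTRDIFF_MAX > INT_MAX
static const ptrdiff_t kTwoPow33 = (ptrdiff_t)1 << 33;
#else
static const ptrdiff_t kTwoPow33 = PTRDIFF_MAX; /* placeholder on 32-bit */
#endif

/* Unchecked narrowing, the pattern the comment describes: converting an
 * out-of-range ptrdiff_t to int is implementation-defined in C, and on the
 * usual two's-complement compilers it silently keeps only the low 32 bits. */
static int unchecked_narrow(ptrdiff_t d)
{
    return (int)d;
}

/* Checked narrowing: only accept values that fit a non-negative int
 * (Expat's length parameters are ints). Returns 1 on success and stores the
 * value in *out; returns 0 without touching *out if the value would truncate. */
static int checked_ptrdiff_to_int(ptrdiff_t d, int *out)
{
    if (d < 0 || d > (ptrdiff_t)INT_MAX)
        return 0;
    *out = (int)d;
    return 1;
}

/* Length of the span [start, end) inside one buffer as an int, or -1 if the
 * pointers are reversed or the span is too long to represent as an int. */
static int span_len(const char *start, const char *end)
{
    int n;
    if (end < start)
        return -1;
    if (!checked_ptrdiff_to_int(end - start, &n))
        return -1;
    return n;
}

int main(void)
{
    char buf[64];
    int n = 0;

    /* A short span, the common case: both conversions agree. */
    printf("span_len(buf, buf + 40)      = %d\n", span_len(buf, buf + 40));

    /* The pathological length from the comment: the unchecked cast keeps only
     * the low bits, while the checked conversion reports that it does not fit. */
    printf("unchecked_narrow(2^33)       = %d\n", unchecked_narrow(kTwoPow33));
    printf("checked_ptrdiff_to_int(2^33) = %d (fits = %d)\n",
           checked_ptrdiff_to_int(kTwoPow33, &n), n);
    return 0;
}
```

The checked helper is the kind of guard that lets a parser reject an over-long token explicitly instead of continuing with a truncated length; whether that is worth changing an int-based public API is exactly the trade-off the comment raises.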
