The case for integer overflow checks?
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Fri Sep 15 12:04:27 UTC 2017
On Friday, 15 September 2017 at 08:46:57 UTC, Guillaume Piolat wrote:
> int width = parse_width_from_stream(); // eg: 131072
> int height = parse_height_from_stream(); // eg: 131073
Do you hope to see such code? Since width can't be negative, a C
programmer would use an unsigned integer for it, and you can't
prohibit overflow for unsigned integers. It is unfixable for array
length, because unsigned integers are invariably used for length.
BlueBorne vulnerabilities rely on overflow of unsigned integers
(for buffer length) to trigger buffer overflow in calls to
memcpy. But buffer overflow would normally be prevented by bounds
checks in case of integer overflow. Just have a safer wrapper
around malloc in your example.
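An added example, not code from the thread or any project, of the "safer wrapper around malloc" idea for the width/height case quoted above: the unchecked product wraps in 32-bit unsigned arithmetic (131072 * 131073 wraps to 131072), while the checked variant refuses to allocate. The names `image_bytes_unchecked`, `image_bytes_checked`, `image_alloc_checked` and the `max_bytes` sanity cap are assumptions for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names; not from the thread or any real decoder. */

/* The pattern the thread warns about: an unsigned 32-bit product wraps
 * silently. 131072 * 131073 = 2^34 + 2^17, which modulo 2^32 is 131072,
 * so a decoder would allocate 128 KiB and later write far past it. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* wraps instead of failing */
}

/* Checked variant: works in size_t, rejects zero dimensions, rejects any
 * multiplication that would overflow, and rejects totals above max_bytes
 * (a caller-chosen sanity limit, assumed here, e.g. 1 GiB for images). */
bool image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         size_t max_bytes, size_t *out)
{
    size_t w = width, h = height, b = bpp;
    if (w == 0 || h == 0 || b == 0) return false;
    if (w > SIZE_MAX / h) return false;        /* w * h would overflow   */
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / b) return false;   /* pixels * b would overflow */
    size_t total = pixels * b;
    if (total > max_bytes) return false;       /* sane but too large */
    *out = total;
    return true;
}

/* malloc wrapper: returns NULL on overflow or policy violation instead of
 * handing back a buffer that is smaller than the caller believes. */
void *image_alloc_checked(uint32_t width, uint32_t height, uint32_t bpp,
                          size_t max_bytes, size_t *out_len)
{
    size_t n;
    if (!image_bytes_checked(width, height, bpp, max_bytes, &n)) return NULL;
    void *p = calloc(n, 1);                    /* zeroed, n already validated */
    if (p != NULL && out_len != NULL) *out_len = n;
    return p;
}
```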