From: Andreas Schwab
To: Szabolcs Nagy via Libc-alpha
Cc: Szabolcs Nagy
Subject: Re: [PATCH 01/20] Fix OOB read in stdlib thousand grouping parsing [BZ #29727]
Date: Thu, 27 Oct 2022 17:38:33 +0200
In-Reply-To: <2650014080d5ad13f0a3968c0c9fd371127b29ca.1666877952.git.szabolcs.nagy@arm.com> (Szabolcs Nagy via Libc-alpha's message of "Thu, 27 Oct 2022 16:32:06 +0100")

On Okt 27 2022, Szabolcs Nagy via Libc-alpha wrote:

> diff --git a/stdlib/grouping.c b/stdlib/grouping.c
> index be7922f5fd..4622897488 100644
> --- a/stdlib/grouping.c
> +++ b/stdlib/grouping.c
> @@ -64,9 +64,17 @@ __correctly_grouped_prefixmb (const STRING_TYPE *begin, const STRING_TYPE *end,
> thousands_len = strlen (thousands);
> #endif
>
> +#ifdef USE_WIDE_CHAR
> while (end > begin)
> +#else
> + while (end - begin >= thousands_len)
> +#endif
> {
> +#ifdef USE_WIDE_CHAR
> const STRING_TYPE *cp = end - 1;
> +#else
> + const STRING_TYPE *cp = end - thousands_len;
> +#endif

This could be simplified by defining a constant thousands_len for the
USE_WIDE_CHAR case.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
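Review bot: The non-wide loop condition `end - begin >= thousands_len` no longer implies `end > begin`. With thousands_len taken from `strlen (thousands)`, a zero-length separator makes the test true at `end == begin`, where the old `while (end > begin)` stopped, and `cp = end - thousands_len` then equals `end`. Please confirm that an empty separator is rejected before this loop, or keep the `end > begin` requirement in the condition. The declaration of thousands_len is outside the quoted lines; if it is an unsigned type, the signed pointer difference is converted for the comparison, so a comment stating that callers guarantee `end >= begin` would help. Giving the USE_WIDE_CHAR case a thousands_len of 1, as suggested in the reply, would also remove both `#ifdef` pairs and leave a single loop condition to reason about.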