[PATCH] cipher:pk:sexp: Remove bogus checks in SEXP parsing.
Collin Funk
collin.funk1 at gmail.com
Wed Jun 18 04:20:38 CEST 2025
Jacob Bachmeyer via Gcrypt-devel <gcrypt-devel at gnupg.org> writes:
> NACK! NACK! NACK!
>
> Those are checks for integer overflow. (They may even be correct if
> VALUELEN is unsigned.)
>
> If VALUELEN is a signed type, they are undefined behavior and need to
> be fixed, not removed.
It is a size_t so it is unsigned.
But it looks harmless to remove to me. The call to 'malloc' in
'_gcry_sexp_nth_buffer' will fail before VALUELEN overflows.
Here is an example program:
$ cat main.c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

int
main (void)
{
  /* Request a buffer far too large to be backed by real memory.  */
  char *p = malloc (SIZE_MAX / 8 / 2);

  /* The allocation is expected to fail; a success would be surprising.  */
  if (p)
    abort ();

  /* Report why malloc failed (ENOMEM).  */
  printf ("%s\n", strerror (errno));
  return 0;
}
$ gcc main.c
$ ./a.out
Cannot allocate memory
Collin
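Added example, not code from the libgcrypt tree or from either poster: it illustrates the two points in the exchange above, that a "sum + len < sum" wraparound test on an unsigned size_t is well-defined C (so such a check is not undefined behaviour, only arguably redundant), and that a malloc of a size near SIZE_MAX fails rather than succeeding. sum_lengths_checked and can_allocate are hypothetical helpers written for this illustration; the input lengths are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical helper (not libgcrypt code): accumulate N element lengths
   into *TOTAL the way a VALUELEN-style counter is grown while walking an
   S-expression.  Because size_t is unsigned, the wraparound test
   "sum + len < sum" is well-defined, unlike the same test on a signed
   type.  Returns 0 on success, -1 if the sum would wrap past SIZE_MAX.  */
static int
sum_lengths_checked (const size_t *lens, size_t n, size_t *total)
{
  size_t sum = 0;
  size_t i;

  for (i = 0; i < n; i++)
    {
      if (sum + lens[i] < sum)
        return -1;              /* would wrap around SIZE_MAX */
      sum += lens[i];
    }
  *total = sum;
  return 0;
}

/* Try the allocation a caller would make for TOTAL bytes.  Returns 1 if
   malloc succeeded (the buffer is freed again), 0 if it failed.  Sizes
   close to SIZE_MAX fail with ENOMEM, which is what the mail relies on.  */
static int
can_allocate (size_t total)
{
  void *p = malloc (total);
  if (!p)
    return 0;
  free (p);
  return 1;
}

int
main (void)
{
  /* Constructed inputs: two lengths that sum without wrapping, and two
     whose sum would exceed SIZE_MAX.  */
  size_t ok[] = { 16, 32 };
  size_t bad[] = { SIZE_MAX - 8, 16 };
  size_t total;

  if (sum_lengths_checked (ok, 2, &total) == 0)
    printf ("ok: total=%zu allocatable=%d\n", total, can_allocate (total));
  if (sum_lengths_checked (bad, 2, &total) != 0)
    printf ("bad: sum would wrap size_t, rejected before malloc\n");
  printf ("malloc(SIZE_MAX) succeeds? %d\n", can_allocate (SIZE_MAX));
  return 0;
}
```

Build with "gcc example.c && ./a.out". The point of keeping both helpers side by side is that the explicit wraparound check catches the bad input before any allocation is attempted, while the malloc failure is a backstop that only triggers once the (possibly already wrapped) size reaches the allocator.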