why can echo-2.i overflow?
Cglasses opened this issue · 2 comments
Cglasses commented
Its corresponding YML file states that the expected result of the no-overflow property is false.
I wonder under what circumstances will the program overflow?
echo-2.zip
MartinSpiessl commented
Hi, from the blame log of the file @holznerst linked I see that I created it. In the commit message 97299d4 I mention issue #535, which contains a detailed description of the overflow.
tl;dr is that strlen(strerr) can lead to an integer close to INT_MAX, which is used in a signed integer addition to determine the length of the error message in bb_perror_msg, which will be the length of strerr plus some added stuff around that:

(unsigned long int)(applet_len + used + strerr_len + msgeol_len + 3) // overflow!
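As an added example (not code from the issue, from busybox or from the benchmark file), a checked version of that length sum in C: the four operand names are taken from the expression above and are assumed to be plain int, as in the original, and the helper reports the overflow instead of letting the signed addition wrap when the strerror length is close to INT_MAX.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Checked equivalent of the sum in bb_perror_msg:
 *   applet_len + used + strerr_len + msgeol_len + 3
 * All operands are int, so the original addition is a signed int addition
 * whose result is undefined once the true sum exceeds INT_MAX.
 * Returns true and stores the sum in *out when no overflow occurs, false otherwise. */
bool msg_len_checked(int applet_len, int used, int strerr_len, int msgeol_len, int *out)
{
    const int terms[] = { applet_len, used, strerr_len, msgeol_len, 3 };
    int acc = 0;
    for (size_t i = 0; i < sizeof terms / sizeof terms[0]; i++) {
        if (terms[i] < 0)               /* a length can never be negative */
            return false;
        if (acc > INT_MAX - terms[i])   /* acc + terms[i] would exceed INT_MAX */
            return false;
        acc += terms[i];
    }
    *out = acc;
    return true;
}

/* Convenience wrapper (hypothetical name): the checked length, or -1 on overflow. */
int msg_len_or_error(int applet_len, int used, int strerr_len, int msgeol_len)
{
    int len;
    return msg_len_checked(applet_len, used, strerr_len, msgeol_len, &len) ? len : -1;
}

int main(void)
{
    /* ordinary case: short applet name, short message, one newline */
    printf("len = %d\n", msg_len_or_error(4, 20, 30, 1));
    /* constructed counterexample: strerror length close to INT_MAX, as in issue #535 */
    if (msg_len_or_error(4, 20, INT_MAX - 10, 1) < 0)
        printf("overflow detected, refusing to build the message\n");
    return 0;
}
```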