
'Drug cocktail' to fix /tmp bugs


Posted Dec 17, 2011 2:54 UTC (Sat) by nybble41 (subscriber, #55106)
In reply to: 'Drug cocktail' to fix /tmp bugs by wahern
Parent article: Fixing the symlink race problem

> by using modulo arithmetic you thwart someone trying to overflow your buffers by producing the opposite result

I doubt that. The difference between signed and unsigned shows up mainly in comparisons. The result of an expression cast to unsigned (e.g. pointer arithmetic) is generally the same whether you use unsigned modulo arithmetic or two's complement. For example, without overflow detection,

#include <stdint.h>

char *buffer;
uint32_t x = 4294967295; // 2**32 - 1
buffer[x]; // on a 32-bit platform the offset wraps around to buffer[-1]

has exactly the same effect on 32-bit platforms as

#include <stdint.h>

char *buffer;
int32_t x = -1; // two's complement bit pattern 0xFFFFFFFF
buffer[x];

The first version does at least have the marginal advantage that you only need to check the upper boundary, provided the lower boundary is zero.
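An added example (not from the comment above) that makes the two points concrete: it simulates 32-bit pointer arithmetic with uint32_t to show both indices land on the same byte, and it contrasts the single-comparison bounds check an unsigned index allows with the two-sided check a signed index needs. The base address 0x1000 and length 16 are constructed sample values.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simulate 32-bit pointer arithmetic: addresses and offsets wrap modulo 2^32,
 * so the unsigned index 2^32-1 and the signed index -1 select the same byte. */
static uint32_t offset32_unsigned(uint32_t base, uint32_t idx) {
    return base + idx;            /* wraps modulo 2^32 */
}
static uint32_t offset32_signed(uint32_t base, int32_t idx) {
    return base + (uint32_t)idx;  /* two's complement of -1 is 0xFFFFFFFF */
}

/* Unsigned index: one comparison suffices when the lower bound is zero. */
static bool in_bounds_unsigned(uint32_t idx, uint32_t len) {
    return idx < len;
}

/* Signed index checked only against the upper bound: -1 slips through,
 * which is where the signed/unsigned difference actually shows up. */
static bool in_bounds_signed_naive(int32_t idx, int32_t len) {
    return idx < len;
}

/* Signed index checked correctly: both boundaries are needed. */
static bool in_bounds_signed(int32_t idx, int32_t len) {
    return idx >= 0 && idx < len;
}

int main(void) {
    uint32_t base = 0x1000;  /* constructed sample address */
    printf("unsigned index -> %#x, signed index -> %#x\n",
           offset32_unsigned(base, 4294967295u), offset32_signed(base, -1));
    printf("unsigned check rejects 2^32-1: %d\n",
           !in_bounds_unsigned(4294967295u, 16));
    printf("naive signed check admits -1: %d, correct check rejects it: %d\n",
           in_bounds_signed_naive(-1, 16), !in_bounds_signed(-1, 16));
    return 0;
}
```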



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds