On Tue, 8 Apr 2008, Hallvard B Furuseth wrote:Howard Chu writes:You just test: if ( in->bv_len> MYSIZE || in->bv_len + len> MYSIZE ) return FAIL;Except that in->bv_len + len can wrap around:-) In this case, use if ( in->bv_len> MYSIZE - len ) since len will be<= MYSIZE.
No, you don't know whether len is<= MYSIZE, but you _do_ know that in->bv_len is less than MYSIZE from the first clause in the test. So: if ( in->bv_len> MYSIZE || len> MYSIZE - in->bv_len ) return FAIL;
Exactly.
And of course anyone can see that in->bv_len + len > MYSIZE is exactly equivalent to len > MYSIZE - in->bv_len -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/