Re: glibc qsort() vulnerability

On Sun, Feb 11, 2024 at 03:44:42PM +0100, Mats Kindahl wrote:
> On Sat, Feb 10, 2024 at 9:53 PM Nathan Bossart <nathandbossart@gmail.com>
> wrote:
>> and I think we should expand on some of the commentary in int.h.
>> For example, the comment at the top of int.h seems very tailored to the
>> existing functions and should probably be adjusted.
>
>
> I rewrote the beginning to the following, does that look good?
>
>  * int.h
>  *  Routines to perform signed and unsigned integer arithmetics, including
>  *  comparisons, in an overflow-safe way.
>
>
>
>> And the "comparison
>> routines for integers" comment might benefit from some additional details
>> about the purpose and guarantees of the new functions.
>>
>
> I expanded that into the following. WDYT?
>
> /*------------------------------------------------------------------------
>  * Comparison routines for integers.
>  *
>  * These routines are used to implement comparison functions for, e.g.,
>  * qsort(). They are designed to be efficient and not risk overflows in
>  * internal computations that could cause strange results, such as INT_MIN >
>  * INT_MAX if you just return "lhs - rhs".
>  *------------------------------------------------------------------------

LGTM.  I might editorialize a bit before committing, but I think your
proposed wording illustrates the thrust of the change.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com