
Pedantically you're correct, but on what architecture/compiler is (sizeof int) != (sizeof size_t), and in what circumstances have you seen this become a vulnerability? (I'm not trying to be argumentative here; I'm legitimately curious.)


I was going to argue against this too because using integers to index loops is such a huge convention in C and then I realized that he's absolutely right.

On LP64, integers are 32 bits and size_t must be 64 bits (or you could overflow it with otherwise legal code).

Even when integer and size_t are the same size, using an integer as an array index is dangerous unless you make sure that it is not negative and can never become negative.

Here's what easily exploitable code looks like:

    #include <stddef.h>

    void error(void);       /* helper assumed by the post, not shown */
    char doPadding(void);   /* helper assumed by the post, not shown */

    void pad_ten(char *array, size_t length) {

        if(length < 10) {
            error();
            return;
        }

        /* 'i' is a signed int while 'length' is a size_t: the assignment can
           go negative or be truncated, and the loop index inherits that value. */
        for(int i = (length - 10); i < length; i++) {
            array[i] = doPadding();
        }
    }

It's exploitable by either choosing a 'length' which becomes negative when assigned to the integer or choosing a 64 bit 'length' which becomes an entirely different (and incorrect) value when truncated to an integer.
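Added example, not code from the thread: a small C model of the index arithmetic in the loop above, beside a hardened version that keeps the index as size_t. posted_first_index reproduces the `int i = length - 10` conversion and the `i < length` comparison without writing any memory; pad_ten_fixed, count_padded_in_16, the 'X' fill byte, and the assumption of a 32-bit int with modulo conversion on LP64 (GCC/Clang behaviour) are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Re-creates the posted loop's index arithmetic without touching memory.
 * Returns the index the first iteration would write to and sets *runs to
 * whether the loop body executes at all: in `i < length` the int is
 * promoted to size_t, so a negative i compares as a huge unsigned value.
 * Converting an out-of-range value to int is implementation-defined; this
 * assumes the usual modulo behaviour (GCC/Clang, 32-bit int). */
long long posted_first_index(size_t length, int *runs) {
    int i = (int)(length - 10);      /* same conversion as the posted code */
    *runs = (size_t)i < length;      /* same comparison as the posted code */
    return i;
}

/* Hardened replacement: the index has the same unsigned type as the
 * length, so it can be neither negative nor truncated. 'X' stands in for
 * doPadding(). Returns 0 on success, -1 when the length is too short. */
int pad_ten_fixed(char *array, size_t length) {
    if (length < 10)
        return -1;
    for (size_t i = length - 10; i < length; i++)
        array[i] = 'X';
    return 0;
}

/* Check helper: pads a zeroed 16-byte buffer and reports how many bytes
 * were written (expected: exactly the last 10, nothing before them). */
int count_padded_in_16(void) {
    char buf[16];
    int n = 0;
    memset(buf, 0, sizeof buf);
    if (pad_ten_fixed(buf, sizeof buf) != 0)
        return -1;
    for (size_t k = 0; k < 6; k++)          /* bytes before the pad region */
        if (buf[k] != 0)
            return -1;
    for (size_t k = 0; k < sizeof buf; k++)
        n += (buf[k] == 'X');
    return n;
}
```

With an ordinary length the posted loop starts where intended; with a length near SIZE_MAX the index is negative yet the loop still runs, and on LP64 a length above 2^32 is silently truncated to a much smaller starting index.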
