[openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init
Kaduk, Ben via RT
rt at openssl.org
Thu Oct 22 20:00:36 UTC 2015
On 10/22/2015 01:02 PM, Stefan.Neis at t-online.de via RT wrote:
> Hi,
>
> Wouldn't
> if ( UINTPTR_MAX - (uintptr_t) buffer < len)
> be closer to the intention of the original check?
> Or is this undefined behaviour as well and I
> stupidly missed that fact?
>
That appears to be defined behavior, but the intention of the original
check is not particularly well-specified. The committed version should
be sufficient; there does not seem to be a reason to change it again.
-Ben
More information about the openssl-dev
mailing list