Mailing List Archive

From:: "Theo de Raadt" <deraadt@openbsd.org>
Subject:: Re: usr.bin/patch: use strtonum instead of atoi()
To:: Omar Polo <op@omarpolo.com>
Cc:: Alexander Bluhm <bluhm@openbsd.org>, tech@openbsd.org
Date:: Thu, 29 Aug 2024 16:04:16 -0600

Download raw body.

Thread

2024-08-29 17:00 Theo de Raadt:
usr.bin/patch: use strtonum instead of atoi()
- 2024-08-29 20:59 Omar Polo:
  usr.bin/patch: use strtonum instead of atoi()
- - 2024-08-29 22:04 Theo de Raadt:
    usr.bin/patch: use strtonum instead of atoi()

Omar Polo <op@omarpolo.com> wrote:

> On 2024/08/29 11:00:14 -0600, "Theo de Raadt" <deraadt@openbsd.org> wrote:
> > The bounds are pretty high, but it looks reasonable.
> 
> my other idea was to use 10000, would it be preferred?  It's difficult
> to come up with tight bounds here, nor desiderable, but yeah, INT_MAX
> is way too much.  10k should be still way, wayyy more than needed but
> still far away from INT_MAX to avoid overflows.

Right now it is INT_MAX, so it should stay the same.

2024-08-29 17:00 Theo de Raadt:
usr.bin/patch: use strtonum instead of atoi()
- 2024-08-29 20:59 Omar Polo:
  usr.bin/patch: use strtonum instead of atoi()
- - 2024-08-29 22:04 Theo de Raadt:
    usr.bin/patch: use strtonum instead of atoi()