On Friday 2015-05-22 13:51, Loganaden Velvindron wrote: >On Fri, May 22, 2015 at 10:59:44AM +0200, Jan Engelhardt wrote: >> >> On Friday 2015-05-22 10:50, Hannes Frederic Sowa wrote: >> > >> >> + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && >> > >> >if ((nmemb|size) >= MUL_NO_OVERFLOW) && ... >> >> I am sure there are many C tricks one can do, but iptables is >> hardly that time-critical to warrant such. > >The same can be said of ipset, which uses strlcpy and has strlcat in >its library. However, those are safer APIs to use. > >In this particular case, it's safer to use reallocarray(NULL,x,y) rather than >malloc(x*y). My comment was not about reallocarray–malloc, but about the not-immediately-self-explanatory expression ((a|b) >= x) which to me sounds like a Google interview question similar to "what would (x&~(x-1))==x do". -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html