id,summary,reporter,owner,description,type,status,milestone,component,version,severity,resolution,keywords,cc
6827,Integer overflow in read function,msuvajac@…,Jonathan Turkanis,"The problem with this chunk of code (from boost/iostreams/detail/restrict_impl.hpp read function):
{{{
std::streamsize amt =
    end_ != -1 ?
            (std::min) (n, static_cast<std::streamsize>(end_ - pos_)) :
            n;
}}}
is that it's prone to integer overflow. So if you have let's say end_ that is ''> INT_MAX'' ''std::min'' will return 'wrong' (unwanted) value, e.g.:

{{{
std::streamsize a = 0xb14c1000;
std::streamsize b = 1;

std::streamsize result = (std::min)(a, b);
}}}

This will return ''result = 0xb14c1000'' which if applied to our case means we will read ''0xb14c1000'' instead of 1 bytes.

This can be fixed like this:

{{{
std::streamsize amt(n);

if (end_ != -1 && end_ <= std::numeric_limits<std::streamsize>::max())
{
    amt = (std::min) (n, static_cast<std::streamsize>(end_ - pos_));
}
}}}
",Bugs,new,To Be Determined,iostreams,Boost Development Trunk,Showstopper,,"security, overflow, restrict, restriction",