This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/14547] strcoll integer / buffer overflow


http://sourceware.org/bugzilla/show_bug.cgi?id=14547

Rich Felker <bugdal at aerifal dot cx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugdal at aerifal dot cx

--- Comment #3 from Rich Felker <bugdal at aerifal dot cx> 2012-09-08 03:38:25 UTC ---
Although this bug report regards the serious security vuln in strcoll, even if
the overflow issues are fixed, a serious bug will remain. The strcoll interface
does not permit failure. It must yield a consistent ordering. If it can fail
sporadically from memory exhaustion, it can cause other interfaces using it
(such as qsort) which rely on it to be a consistent ordering to invoke
undefined behavior. While an immediate security fix is needed for the issues
reported here, the implementation of strcoll calls for drastic redesign to be
completely free of malloc or any other operation that could fail.

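One caller-side way to keep the comparator handed to qsort free of any failure path is to do all fallible work (key allocation) before the sort begins. This C code is an added example, not code from glibc or from the bug report; `sort_collated`, `struct keyed` and `cmp_keyed` are hypothetical names, and it assumes the platform's `strxfrm` completes the transformation it is asked for.

```c
#include <stdlib.h>
#include <string.h>

/* One sortable entry: the original string plus its precomputed collation key. */
struct keyed {
    const char *str;
    char *key;              /* strxfrm() output, owned by this struct */
};

/* Comparator for qsort: strcmp on precomputed keys; no allocation, cannot fail. */
static int cmp_keyed(const void *a, const void *b)
{
    const struct keyed *x = a, *y = b;
    return strcmp(x->key, y->key);
}

/* Sort strs[0..n-1] in the current LC_COLLATE order. Returns 0 on success, or
 * -1 if a key could not be allocated; then strs is untouched and qsort never runs. */
int sort_collated(const char **strs, size_t n)
{
    struct keyed *v = calloc(n ? n : 1, sizeof *v);   /* calloc checks n * size */
    int rc = -1;
    size_t i;
    if (!v)
        return -1;
    for (i = 0; i < n; i++) {
        size_t need = strxfrm(NULL, strs[i], 0);      /* key length without NUL */
        if (need == (size_t)-1 || !(v[i].key = malloc(need + 1)))
            goto out;                                 /* need + 1 would wrap, or OOM */
        v[i].str = strs[i];
        strxfrm(v[i].key, strs[i], need + 1);
    }
    qsort(v, n, sizeof *v, cmp_keyed);                /* ordering is now fixed data */
    for (i = 0; i < n; i++)
        strs[i] = v[i].str;
    rc = 0;
out:
    for (i = 0; i < n; i++)
        free(v[i].key);                               /* unset keys are NULL */
    free(v);
    return rc;
}

int main(void)
{
    const char *words[] = { "pear", "apple", "fig", "banana" };  /* constructed sample */
    return sort_collated(words, 4) == 0 ? 0 : 1;
}
```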

