This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/14547] strcoll integer / buffer overflow
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sat, 08 Sep 2012 03:38:25 +0000
- Subject: [Bug libc/14547] strcoll integer / buffer overflow
- Auto-submitted: auto-generated
- References: <bug-14547-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Rich Felker <bugdal at aerifal dot cx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugdal at aerifal dot cx
--- Comment #3 from Rich Felker <bugdal at aerifal dot cx> 2012-09-08 03:38:25 UTC ---
Although this bug report regards the serious security vuln in strcoll, even if
the overflow issues are fixed, a serious bug will remain. The strcoll interface
does not permit failure. It must yield a consistent ordering. If it can fail
sporadically from memory exhaustion, it can cause other interfaces using it
(such as qsort) which rely on it to be a consistent ordering to invoke
undefined behavior. While an immediate security fix is needed for the issues
reported here, the implementation of strcoll calls for drastic redesign to be
completely free of malloc or any other operation that could fail.