This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: glibc segfault on "special" long double values is _ok_!?


Andreas Schwab writes:

> Jim Meyering <jim@meyering.net> writes:
> 
> > I'm interested, because I don't want my applications to segfault on such
> > inputs.  Sure it may look a little far-fetched, but I think it's not.
> > Imagine such a bit pattern being injected into a network data stream
> > that is then printed as a long double.  Just printing an arbitrary
> > "long double" should not make a server vulnerable to a DoS attack.
> 
> In which way is this different from passing NULL to strlen?

In that long doubles are scalar values while strlen's argument is a
pointer value.  In general with scalars there is no value whose
meaning or effect is undefined, unlike pointers.

If glibc can indeed be made to segfault just by doing printf on some
particular long double value then I think that is worth reporting as a
security vulnerability.

Paul.
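The scenario above, a long double bit pattern arriving from the network and being handed straight to printf, is easy to reproduce and to guard against. The following is an added example, not code from this thread or from glibc. It assumes the x87 80-bit extended-precision layout (a 64-bit significand whose leading integer bit is stored explicitly, a 15-bit biased exponent and a sign bit, little-endian in memory) and takes "special" values to mean the encodings that layout admits but no arithmetic operation produces: an exponent of zero with the integer bit set, a nonzero exponent with it clear, or an all-ones exponent with it clear. The function names and the five sample encodings are constructed for the illustration.

```c
/* Added example (not from the glibc thread): validate a 10-byte x87
 * extended-precision encoding before it reaches printf("%Lg").  Assumes the
 * x87 80-bit layout: 64-bit significand with an explicit integer ("J") bit,
 * 15-bit biased exponent, sign bit, little-endian in memory. */
#include <float.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum x87_class {
    X87_ZERO, X87_DENORMAL, X87_NORMAL, X87_INFINITY, X87_NAN,
    /* encodings no arithmetic operation produces; x87_is_canonical rejects them */
    X87_PSEUDO_DENORMAL,   /* exponent == 0, J bit set */
    X87_UNNORMAL,          /* 0 < exponent < 0x7fff, J bit clear */
    X87_PSEUDO_NAN_INF     /* exponent == 0x7fff, J bit clear */
};

/* Decode the raw bytes; never touches the FPU, so it is safe on any host. */
enum x87_class classify_x87(const unsigned char bytes[10])
{
    uint64_t mant = 0;
    for (int i = 7; i >= 0; i--)
        mant = (mant << 8) | bytes[i];
    unsigned exp = ((bytes[9] & 0x7fu) << 8) | bytes[8];
    int jbit = (int)(mant >> 63);
    uint64_t frac = mant & 0x7fffffffffffffffULL;

    if (exp == 0x7fff) {
        if (!jbit) return X87_PSEUDO_NAN_INF;
        return frac == 0 ? X87_INFINITY : X87_NAN;
    }
    if (exp == 0) {
        if (jbit) return X87_PSEUDO_DENORMAL;
        return mant == 0 ? X87_ZERO : X87_DENORMAL;
    }
    return jbit ? X87_NORMAL : X87_UNNORMAL;
}

int x87_is_canonical(const unsigned char bytes[10])
{
    return classify_x87(bytes) <= X87_NAN;
}

/* The hardened path a server would use on untrusted input: reject
 * non-canonical encodings instead of handing them to printf.  Returns the
 * snprintf length, or -1 if the input is rejected or this host's long double
 * is not the x87 format (the only case where the memcpy is meaningful). */
int format_received_long_double(const unsigned char bytes[10],
                                char *out, size_t outsz)
{
    if (!x87_is_canonical(bytes))
        return -1;
#if LDBL_MANT_DIG == 64
    long double v = 0.0L;          /* zero the padding bytes first */
    memcpy(&v, bytes, 10);
    return snprintf(out, outsz, "%Lg", v);
#else
    (void)out; (void)outsz;
    return -1;
#endif
}

/* Constructed samples, little-endian: bytes[0..7] significand,
 * bytes[8..9] exponent and sign. */
static const unsigned char sample_one[10]      = {0,0,0,0,0,0,0,0x80,0xff,0x3f};
static const unsigned char sample_inf[10]      = {0,0,0,0,0,0,0,0x80,0xff,0x7f};
static const unsigned char sample_unnormal[10] = {0,0,0,0,0,0,0,0x40,0xff,0x3f};
static const unsigned char sample_pdenorm[10]  = {0,0,0,0,0,0,0,0x80,0x00,0x00};
static const unsigned char sample_pnan[10]     = {0,0,0,0,0,0,0,0x40,0xff,0x7f};

int main(void)
{
    static const char *names[] = { "zero", "denormal", "normal", "infinity",
        "nan", "pseudo-denormal", "unnormal", "pseudo-nan/inf" };
    const unsigned char *samples[] = { sample_one, sample_inf, sample_unnormal,
                                       sample_pdenorm, sample_pnan };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[64];
        int n = format_received_long_double(samples[i], buf, sizeof buf);
        printf("%-16s %s\n", names[classify_x87(samples[i])],
               n < 0 ? "rejected" : buf);
    }
    return 0;
}
```

classify_x87 works on the raw bytes and never loads the value into the FPU, so the check runs the same on a host whose long double is IEEE binary128 or plain double. The three rejected classes are encodings the x87 itself never generates; refusing them at the input boundary is the conservative choice whatever a particular libc does with them, and it keeps the printf argument within the set of values the format actually defines.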

