Date: Thu, 29 Dec 2016 22:23:48 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 213922] crafted data could cause qsort to exhaust stack space Message-ID: <bug-213922-8-hoCAGRVEEv@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-213922-8@https.bugs.freebsd.org/bugzilla/> References: <bug-213922-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213922 --- Comment #4 from Pedro F. Giffuni <pfg@FreeBSD.org> --- (In reply to jhoward from comment #3) Thanks for looking into it. I have just been too busy. BTW, if you could up= load a diff to bugzilla it would be much better. You can check the standalone tests here: https://svnweb.freebsd.org/base/stable/9/tools/regression/lib/libc/stdlib/ (Newer FreeBSD versions have integrated the regression tool into the testsuite.) I think I had a random testcase with more datapoints somewhere = to verify the last commit. and you can get VM images from ftp, for example here: ftp://ftp.freebsd.org/pub/FreeBSD/releases/VM-IMAGES/11.0-RELEASE/ About exploitability, it very much depends on where qsort() is used, opengr= ok is your friend, and if you are able to realistically generate such sequence= . I am aware there are cases where the algorithm can be suboptimal; it may be t= he case that the algorithm needs revision (I just haven't seen a case in real life). --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213922-8-hoCAGRVEEv>