This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/5346] gettext crashes when a very long string is passed as argument and the stack size is limited
- From: "bruno at clisp dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 16 Nov 2007 01:36:24 -0000
- Subject: [Bug libc/5346] gettext crashes when a very long string is passed as argument and the stack size is limited
- References: <20071116012223.5346.bruno@clisp.org>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From bruno at clisp dot org 2007-11-16 01:36 -------
Created an attachment (id=2092)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=2092&action=view)
patch that fixes the bug
The cause of the bug is in dcigettext.c, the alloca() call, whose size is
computed as <fixed> + strlen (msgid1). A possible fix would be to use malloc()
instead of alloca() when the size is > 4000. But in this case it is possible
to get away with a bounded-size allocation. This is better because the input
string does not have to be copied at all.
The attached patch has been verified to fix the bug in the intl/ package of GNU
gettext. I expect that it also fixes the bug when applied inside glibc. The
patch is relative to the glibc CVS as of today.
You might also want to add the test case to the test suite.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=5346
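The malloc()-above-a-threshold alternative mentioned in the message, sketched as an added C example; it is not the attached patch and not glibc code. `struct lookup_key`, `lookup_checksum` and `STACK_ALLOC_MAX` are hypothetical names, and the checksum stands in for the real catalog lookup.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cutoff, taken from the "> 4000" figure in the message. */
#define STACK_ALLOC_MAX 4000

/* Hypothetical lookup key: fixed header plus a copy of msgid.
   Illustrative only, not the structure used in dcigettext.c. */
struct lookup_key {
    size_t msgid_len;
    char msgid[];               /* NUL-terminated copy of the input */
};

/* Builds the key and returns a 31-bit checksum of it (a stand-in for the
   real lookup), or -1 if malloc fails. *used_heap reports the path taken. */
long lookup_checksum(const char *msgid, int *used_heap)
{
    size_t len = strlen(msgid);
    size_t size = sizeof(struct lookup_key) + len + 1;
    struct lookup_key *key;

    /* Only small, bounded requests touch the stack; input-sized ones go
       to the heap, where an allocation failure can be reported. */
    *used_heap = size > STACK_ALLOC_MAX;
    if (*used_heap)
        key = malloc(size);
    else
        key = alloca(size);
    if (key == NULL)
        return -1;

    key->msgid_len = len;
    memcpy(key->msgid, msgid, len + 1);
    unsigned long sum = 0;
    for (size_t i = 0; i < key->msgid_len; i++)
        sum = sum * 31 + (unsigned char)key->msgid[i];
    if (*used_heap)
        free(key);
    return (long)(sum & 0x7fffffffUL);
}

int main(void)
{
    int heap;
    printf("checksum=%ld\n", lookup_checksum("ab", &heap));
    return 0;
}
```

This variant still copies the input string, which is the cost the message's bounded-size approach avoids.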