This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v3] powerpc: strstr optimization
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: Tulio Magno Quites Machado Filho <tuliom at linux dot vnet dot ibm dot com>, Steve Munroe <sjmunroe at us dot ibm dot com>, Florian Weimer <fweimer at redhat dot com>, Ondřej Bílka <neleai at seznam dot cz>, GNU C Library <libc-alpha at sourceware dot org>, Rajalakshmi Srinivasaraghavan <raji at linux dot vnet dot ibm dot com>
- Date: Wed, 22 Jul 2015 19:33:09 +0000
- Subject: Re: [PATCH v3] powerpc: strstr optimization
- Authentication-results: sourceware.org; auth=none
- References: <558A5642 dot 5020107 at linux dot vnet dot ibm dot com> <558A5761 dot 2000409 at linux dot vnet dot ibm dot com> <87oajpm8nc dot fsf at totoro dot br dot ibm dot com> <871tgijuri dot fsf at linux dot vnet dot ibm dot com> <55A6FE3F dot 6090701 at redhat dot com> <55A70B70 dot 6090607 at redhat dot com> <20150716195538 dot GA5140 at domone> <55A8110C dot 7000209 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1507221607370 dot 21570 at digraph dot polyomino dot org dot uk> <55AFD91C dot 30404 at redhat dot com>
On Wed, 22 Jul 2015, Carlos O'Donell wrote:
> > If there's a quadratic worst case newly introduced for 2.22, I'd consider
> > that a security hole (denial of service) that needs to block the release
> > of 2.22 until it's fixed (possibly by removing the implementation in
> > question).
>
> Joseph,
>
> We have had quadratic worse case in our string routines for years without
> it blocking a release. I agree that it is not the best case for a release
And I believe we established a consensus, when removing the SSE4
implementation (bug 12100), that such implementations are not suitable for
inclusion in glibc.
> to have such behaviour, but should it block this release?
As a denial-of-service regression (for any code that may use strstr on
untrusted inputs), yes.
--
Joseph S. Myers
joseph@codesourcery.com