3253 – glob() crashes when trying to match too many files

Bug 3253 - glob() crashes when trying to match too many files

Summary: glob() crashes when trying to match too many files

Status:	RESOLVED FIXED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	unspecified

Importance:	P2 minor
Target Milestone:	---
Assignee:	Ulrich Drepper

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-09-23 02:55 UTC by Petr Baudis
Modified:	2018-04-20 14:20 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security+

Attachments
The proposed patch (1.41 KB, patch) 2006-09-23 02:56 UTC, Petr Baudis	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Baudis 2006-09-23 02:55:50 UTC

When trying to match really huge amount of files (several hundred of thousands),
glob()'s stack overflows because it uses alloca() to allocate the entry records
temporarily. The attached patch (which is not totally trivial so you might want
to postpone that post glibc-2.5) aims to fix that.

Comment 1 Petr Baudis 2006-09-23 02:56:26 UTC

Created attachment 1320 [details]
The proposed patch

Comment 2 Ulrich Drepper 2006-09-24 17:04:55 UTC

That patch is not acceptable.  We cannot sacrifize speed just for the sake of
some insane people.  Yes, we shouldn't crash but this doesn't mean that
reasonable requests should be slowed down.

The correct solution would use alloca only if the limit determined by
__libc_alloca_cutoff is exceeded.

Comment 3 Ulrich Drepper 2006-09-25 15:54:00 UTC

Should be fixed in cvs with a different patch.