Bug 3253 - glob() crashes when trying to match too many files
Summary: glob() crashes when trying to match too many files
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 minor
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on:
Reported: 2006-09-23 02:55 UTC by Petr Baudis
Modified: 2018-04-20 14:20 UTC (History)
2 users (show)

See Also:
Last reconfirmed:
fweimer: security+

The proposed patch (1.41 KB, patch)
2006-09-23 02:56 UTC, Petr Baudis
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Baudis 2006-09-23 02:55:50 UTC
When trying to match really huge amount of files (several hundred of thousands),
glob()'s stack overflows because it uses alloca() to allocate the entry records
temporarily. The attached patch (which is not totally trivial so you might want
to postpone that post glibc-2.5) aims to fix that.
Comment 1 Petr Baudis 2006-09-23 02:56:26 UTC
Created attachment 1320 [details]
The proposed patch
Comment 2 Ulrich Drepper 2006-09-24 17:04:55 UTC
That patch is not acceptable.  We cannot sacrifize speed just for the sake of
some insane people.  Yes, we shouldn't crash but this doesn't mean that
reasonable requests should be slowed down.

The correct solution would use alloca only if the limit determined by
__libc_alloca_cutoff is exceeded.
Comment 3 Ulrich Drepper 2006-09-25 15:54:00 UTC
Should be fixed in cvs with a different patch.