This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: FYI - bash crash due to asprintf bug

Robbie Gates <robbie <at>> writes:

> > reduces asprintf's use of realloc from quadratic
> > to log-linear performance (ie. calling realloc every time you add a byte
> > is bad, compared to doubling the buffer size every time you call realloc).
> Just out of interest, note that a size increase of 50% (i.e. new size
> = (3*oldsize)/2) has better properties for certain memory managers, as
> opposed to doubling. It has the same asymptotic complexity improvement
> as doubling. Roughly speaking, any factor less than the golden ratio
> (1+sqrt(5))/2 is good, but 1.5 is (a) cheaply obtanied on most cpu
> architectures, and (b) leaves a little space in case the memory
> manager adds some overhead. See for details.

Thanks for the advice.  Here's the patch I submitted:

The full vulnerability is that on cygwin, any program that uses asprintf with 
cygwin 1.5.22 or earlier, where the result of asprintf is a multiple of 4 but 
not 8 and is greater than 1024, will corrupt the heap.  I'm now debating 
whether it is worth spinning another version of bash that works around this bug 
(by faking out bash's configure to not discover the broken asprintf, so that 
bash then uses its non-buggy replacement asprintf), or just waiting for the 
next cygwin version to come out.

Eric Blake

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]