This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] vfprint: validate nargs and argument-based offsets


On Mon, 5 Mar 2012, Tomas Hoger wrote:

> A commenter in Red Hat bugzilla proposed a different fix:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=794766#c8
> 
>   The easiest fix would have been to restrict "nargs" to NL_ARGMAX.
> 
>   http://www.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html#tag_13_23_03_07
> 
> which has the benefit of avoiding possibly large heap allocation in the
> bad case.  Kees, have you considered such an approach?

The GNU Coding Standards say to avoid arbitrary limits, so it's correct 
that the number of such arguments should be limited only by available 
memory.  (Note that printf requires that there are no gaps in the numbers 
in the format string, so specifying argument 1000000 with a format string 
that doesn't specify all smaller numbers as well means the format is 
invalid, for example.  For scanf, there isn't this requirement; there may 
be gaps in the numbers as long as pointers were passed for the unused 
arguments.)

-- 
Joseph S. Myers
joseph@codesourcery.com
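
The no-gaps rule for printf described in the message above, as an added example (not glibc's code and not part of the original message): since argument numbers 1..max must each be referenced at least once, the largest number can never exceed the count of references in the format string, so a checker can reject a format such as `%1000000$d` before allocating anything and without a fixed cap like NL_ARGMAX. The function names `scan` and `positional_args_ok` and the simplified set of conversion characters are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Visit every %n$ and *n$ reference in fmt: count them, track the largest n
   and, when seen != NULL, mark seen[n-1]. Returns -1 if a number overflows. */
static int scan(const char *f, unsigned char *seen, size_t *count, size_t *max)
{
    int in_spec = 0;                     /* inside a conversion specification? */
    for (*count = *max = 0; *f; f++) {
        if (!in_spec && *f == '%' && f[1] == '%') { f++; continue; }
        if (in_spec && strchr("diouxXeEfFgGaAcCsSpn", *f)) { in_spec = 0; continue; }
        if (*f != (in_spec ? '*' : '%')) continue;
        in_spec = 1;
        const char *s = f + 1;           /* digits that may follow '%' or '*' */
        size_t n = 0;
        for (; *s >= '0' && *s <= '9'; s++) {
            if (n > (SIZE_MAX - 9) / 10) return -1;
            n = n * 10 + (size_t)(*s - '0');
        }
        if (*s != '$' || n == 0) continue;   /* a width/precision, not "n$" */
        f = s;                           /* the loop's f++ steps past '$' */
        ++*count;
        if (n > *max) *max = n;
        if (seen) seen[n - 1] = 1;
    }
    return 0;
}

/* Returns 1 if argument numbers 1..*nargs are all referenced, 0 if there is
   a gap, -1 on numeric overflow or allocation failure. */
int positional_args_ok(const char *fmt, size_t *nargs)
{
    size_t count, max, i;
    if (scan(fmt, NULL, &count, &max) < 0) return -1;
    *nargs = max;
    /* Without gaps, 1..max each need a reference, so max <= count <= strlen(fmt).
       Rejecting here keeps the allocation below bounded by the format length. */
    if (max > count) return 0;
    unsigned char *seen = calloc(max + 1, 1);
    if (!seen) return -1;
    scan(fmt, seen, &count, &max);
    for (i = 0; i < max && seen[i]; i++) ;
    free(seen);
    return i == max;
}
```

This applies to printf-style formats only; for scanf, where gaps are permitted, the same bound does not hold.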

