This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug hurd/10265] heap overflow condition in stdlib/canonicalize.c

From: "neleai at seznam dot cz" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Sat, 12 Oct 2013 19:18:11 +0000
Subject: [Bug hurd/10265] heap overflow condition in stdlib/canonicalize.c
Auto-submitted: auto-generated
References: <bug-10265-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=10265

Ondrej Bilka <neleai at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |neleai at seznam dot cz
         Resolution|---                         |INVALID

--- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> ---
> The following code in stdlib/canonicalize.c hardcodes path_max to 1024 for
> systems that don't have any limit (such as GNU/Hurd):
>
> This will result in heap overflows if the canonicalized path expands to
> something longer than 1024.

This does not make sense. It shares logic with systems where path_max is
defined where overexpansion should be handled correctly.

If you want to show that there is overflow condition write a program where
valgrind will report a invalid write or returns path longer than 1024 bytes.

Until that closing.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]