This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug regex/5945] regoff_t wrong has posix type


http://sourceware.org/bugzilla/show_bug.cgi?id=5945

--- Comment #7 from Rich Felker <bugdal at aerifal dot cx> 2013-02-08 02:32:02 UTC ---
Yes, thanks for updating/clarifying that. Is there any chance of this ever
getting fixed? I suspect there may even be obscure vulnerabilities related to
this, if you can somehow pass a string longer than 4gb to regexec and cause the
matches to get truncated, and thus for the caller to either dereference memory
at a negative offset, exposing data it should not, or treat non-matching
data early in the string as a match.

Obviously these could be closed by making the interface even more
non-conforming and rejecting offsets that would overflow, but I think the
proper solution is to add a versioned symbol and fix the type.

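A caller-side guard against the truncation described in the comment above, as an added example (not glibc code and not part of the bug report). The helper names and the `REGOFF_MAX` macro are hypothetical; the code refuses subjects whose length cannot be represented in `regoff_t` and bounds-checks each returned offset before it is used as an index.

```c
#include <limits.h>
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest value regoff_t can hold (a signed integer type; int on glibc). */
#define REGOFF_MAX ((UINTMAX_C(1) << (sizeof(regoff_t) * CHAR_BIT - 1)) - 1)

/* Hypothetical helper: can every offset into `len` bytes be reported exactly? */
static int len_fits_regoff(size_t len) { return (uintmax_t)len <= REGOFF_MAX; }

/* Hypothetical helper: accept a match only if 0 <= rm_so <= rm_eo <= len. */
static int match_in_bounds(const regmatch_t *m, size_t len)
{
    return m->rm_so >= 0 && m->rm_eo >= m->rm_so &&
           (uintmax_t)m->rm_eo <= (uintmax_t)len;
}

/* Returns 0 with *start and *n set, REG_NOMATCH, or -1 if the call was refused. */
static int checked_search(const char *pattern, const char *subject,
                          size_t *start, size_t *n)
{
    size_t len = strlen(subject);
    regex_t re;
    regmatch_t m;
    int rc;
    /* Refuse input whose offsets would not be representable in regoff_t. */
    if (!len_fits_regoff(len) || regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    rc = regexec(&re, subject, 1, &m, 0);
    regfree(&re);
    if (rc != 0)
        return rc;
    if (!match_in_bounds(&m, len))   /* never index with an unchecked offset */
        return -1;
    *start = (size_t)m.rm_so;
    *n = (size_t)(m.rm_eo - m.rm_so);
    return 0;
}

int main(void)
{
    size_t s, n;
    if (checked_search("b+", "aaabbbccc", &s, &n) == 0)  /* constructed input */
        printf("match at %zu, length %zu\n", s, n);
    return 0;
}
```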

