This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
- From: Will Newton <will dot newton at linaro dot org>
- To: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Patch Tracking <patches at linaro dot org>
- Date: Wed, 11 Sep 2013 11:32:12 +0100
- Subject: Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.
- Authentication-results: sourceware.org; auth=none
- References: <522F1BA7 dot 7070102 at linaro dot org> <CAAHN_R0gdT6M=gq=yTWV5xZ47eEu1iDRQXMKK1sKNk_i-PEVaA at mail dot gmail dot com> <CANu=Dmh4QkKogpXHO0P2YN2szLhQuyVz+UnYGzgcbpj+ODKKOw at mail dot gmail dot com> <CAAHN_R0SXm8RMQGDw+ASBZRH9bNvfzng0Vp+6CUpV2NM+m_KzA at mail dot gmail dot com>
On 11 September 2013 11:18, Siddhesh Poyarekar
<siddhesh.poyarekar@gmail.com> wrote:
>> Also I am not sure if it is worth allocating a CVE number for these
>> issues - pvalloc and valloc seem very rarely used but memalign and
>> posix_memalign are more common.
>
> It would be useful to allocate a CVE number. The fact that pvalloc
> and valloc are rarely used doesn't matter in this decision - it
> matters when evaluating the impact of the bug.
I'm not sure what the process is here, MAINTAINERS on the wiki has a
link to CERT, but I aware that there are folks who work for CVE
issuing authorities on this list. ;-)
--
Will Newton
Toolchain Working Group, Linaro