This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/2753] Integer overflow in bsearch
- From: "neleai at seznam dot cz" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 25 Nov 2014 21:54:07 +0000
- Subject: [Bug libc/2753] Integer overflow in bsearch
- Auto-submitted: auto-generated
- References: <bug-2753-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=2753
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |neleai at seznam dot cz
--- Comment #6 from Ondrej Bilka <neleai at seznam dot cz> ---
> The bug could be fixed by replacing '__idx = (__l + __u) / 2' with '__idx = __l + (__u - __l)/2' in bits/stdlib-bsearch.h. I don't see a good reason not to.
A good reason is that it causes a performance penalty. To trigger the overflow you
need to fill more than half of the address space with bytes. As it needs to be
sorted, one could just simulate it with an array of 256 indexes where that number
starts. Anyone that triggers that scenario should be fired for incompetence.
--
You are receiving this mail because:
You are on the CC list for the bug.
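The two midpoint formulas discussed in this bug, side by side, as an added example written for this note (it is not glibc's code; `mid_naive`, `mid_safe`, `safe_bsearch`, `find_index` and the window-check helpers are names chosen here). `safe_bsearch` follows the control flow of the generic glibc `bsearch` (half-open window `[l, u)`, `l` starting at 0 and `u` at `nmemb`) but uses the proposed `l + (u - l) / 2`. The window `l = SIZE_MAX/2 + 1, u = SIZE_MAX` is a constructed value that stands in for an array occupying more than half the address space, which is the only condition under which `(l + u) / 2` wraps; the check shows that in that case the naive midpoint lands outside the window while the safe one stays inside it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Midpoint as in bits/stdlib-bsearch.h: (l + u) / 2. With size_t operands the
   sum wraps silently once l + u exceeds SIZE_MAX, so the result can fall
   outside the window [l, u). */
static size_t mid_naive(size_t l, size_t u)
{
    return (l + u) / 2;
}

/* Midpoint proposed in the bug: l + (u - l) / 2. For l <= u the subtraction
   cannot wrap and the addition cannot exceed u, so the result is always in
   [l, u]. */
static size_t mid_safe(size_t l, size_t u)
{
    return l + (u - l) / 2;
}

/* True when m is a valid index in the half-open window [l, u). */
static bool in_window(size_t m, size_t l, size_t u)
{
    return m >= l && m < u;
}

/* Same loop structure as the generic glibc bsearch, with the safe midpoint.
   Written for this note; not glibc's code. */
static void *safe_bsearch(const void *key, const void *base, size_t nmemb,
                          size_t size,
                          int (*compar)(const void *, const void *))
{
    size_t l = 0, u = nmemb;
    while (l < u) {
        size_t idx = mid_safe(l, u);
        const char *p = (const char *)base + idx * size;
        int c = compar(key, p);
        if (c < 0)
            u = idx;          /* key is in the lower half */
        else if (c > 0)
            l = idx + 1;      /* key is in the upper half */
        else
            return (void *)p; /* exact match */
    }
    return NULL;
}

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Constructed sample input: a small sorted array. Returns the index of key,
   or -1 when it is absent. */
static long find_index(int key)
{
    static const int sorted[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29};
    const int *hit = safe_bsearch(&key, sorted, sizeof sorted / sizeof *sorted,
                                  sizeof *sorted, cmp_int);
    return hit ? (long)(hit - sorted) : -1;
}

/* Constructed window standing in for an array larger than half the address
   space: l = SIZE_MAX/2 + 1, u = SIZE_MAX. Here l + u wraps. */
static bool naive_midpoint_stays_in_window(void)
{
    size_t l = SIZE_MAX / 2 + 1, u = SIZE_MAX;
    return in_window(mid_naive(l, u), l, u);
}

static bool safe_midpoint_stays_in_window(void)
{
    size_t l = SIZE_MAX / 2 + 1, u = SIZE_MAX;
    return in_window(mid_safe(l, u), l, u);
}

int main(void)
{
    printf("index of 11: %ld\n", find_index(11));
    printf("index of 4: %ld\n", find_index(4));
    printf("naive midpoint in window: %s\n",
           naive_midpoint_stays_in_window() ? "yes" : "no");
    printf("safe midpoint in window:  %s\n",
           safe_midpoint_stays_in_window() ? "yes" : "no");
    return 0;
}
```

The window check makes the trade-off in the comment above concrete: the wrap only occurs when `l + u > SIZE_MAX`, which for a real array means more than half the address space, and the safe form costs one extra subtraction per iteration to rule it out.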