This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/17897] Multiple 'Dynamic Stack Allocations' in security point of view

From: "max at cxib dot net" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Thu, 29 Jan 2015 14:55:29 +0000
Subject: [Bug libc/17897] Multiple 'Dynamic Stack Allocations' in security point of view
Auto-submitted: auto-generated
References: <bug-17897-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17897

--- Comment #2 from Max <max at cxib dot net> ---
> Please do not file omnibus bugs like this; file one bug for each separate 
> instance where you believe the stack allocation is unbounded, unless two 
> instances are extremely closely related (variants of the same code, 
> cut-and-pasted twice, for example).

ok. However, I didn't check yet how long buffer may be used in the examples
above. Therefore, everything is in one issue.

> (Unbounded stack allocations are considered bugs whether or not they cross 
> privilege boundaries, but are only security issues where a privilege 
> boundary is plausibly crossed.)
> 

a application crash cannot be considered as a possible DoS?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug libc/17897] New: Multiple 'Dynamic Stack Allocations' in security point of view
  - From: max at cxib dot net

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]