This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/17897] Multiple 'Dynamic Stack Allocations' in security point of view
- From: "max at cxib dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 29 Jan 2015 14:55:29 +0000
- Subject: [Bug libc/17897] Multiple 'Dynamic Stack Allocations' in security point of view
- Auto-submitted: auto-generated
- References: <bug-17897-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17897
--- Comment #2 from Max <max at cxib dot net> ---
> Please do not file omnibus bugs like this; file one bug for each separate
> instance where you believe the stack allocation is unbounded, unless two
> instances are extremely closely related (variants of the same code,
> cut-and-pasted twice, for example).
ok. However, I didn't check yet how long buffer may be used in the examples
above. Therefore, everything is in one issue.
> (Unbounded stack allocations are considered bugs whether or not they cross
> privilege boundaries, but are only security issues where a privilege
> boundary is plausibly crossed.)
>
a application crash cannot be considered as a possible DoS?
--
You are receiving this mail because:
You are on the CC list for the bug.