This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v3] tzset robustness [BZ#17715]


On 02/18/2015 11:46 AM, Florian Weimer wrote:
> On 02/16/2015 11:51 PM, Paul Eggert wrote:
>> Florian Weimer wrote:
>>> So I'm not sure what to do here.  Get rid of the alloca?  That's going
>>> to be more difficult to review.
>>
>> I haven't read the code carefully, but if the only reason for the alloca
>> is to have a temporary string that one can munge by storing '\0' bytes
>> at strategic locations, then I presume that one could rewrite the code
>> to avoid the need to make a temporary copy,
> 
> Indeed.  I introduced __tzstring_len to avoid the need for the copy, and
> broke down __tzset_parse_tz into several smaller functions.  Hopefully,
> the control flow is more transparent.

Ping?

Should I split this up into multiple parts?

One of the issues addressed was previously raised on oss-security:

  <http://www.openwall.com/lists/oss-security/2014/12/14/1>
  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772705>

-- 
Florian Weimer / Red Hat Product Security


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]