[Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup

public inbox for glibc-bugs-regex@sourceware.org
help / color / mirror / Atom feed

* [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup
       [not found] <bug-1245-132@http.sourceware.org/bugzilla/>
@ 2014-06-13 10:53 ` fweimer at redhat dot com
  0 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 10:53 UTC (permalink / raw)
  To: glibc-bugs-regex

https://sourceware.org/bugzilla/show_bug.cgi?id=1245

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security+

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug regex/1245] New: regexec invokes alloca with unbounded size; plus alloca cleanup
@ 2005-08-26  5:54 eggert at gnu dot org
  2005-08-26  5:54 ` [Bug regex/1245] " eggert at gnu dot org
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: eggert at gnu dot org @ 2005-08-26  5:54 UTC (permalink / raw)
  To: glibc-bugs-regex

I noticed that regexec's set_regs functions invokes alloca with a potentially
unbounded size.  glibc code is supposed to check the size first with
__libc_use_alloca first.

While fixing this, I noticed a lot of ancient portability cruft for alloca,
intended for use outside glibc, that is no longer needed now that gnulib
supplies an alloca module.  This can be cleaned out now.

I'll attach a patch.

-- 
           Summary: regexec invokes alloca with unbounded size; plus alloca
                    cleanup
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: eggert at gnu dot org
                CC: glibc-bugs-regex at sources dot redhat dot com,glibc-
                    bugs at sources dot redhat dot com
 BugsThisDependsOn: 1241


http://sources.redhat.com/bugzilla/show_bug.cgi?id=1245

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup
  2005-08-26  5:54 [Bug regex/1245] New: " eggert at gnu dot org
@ 2005-08-26  5:54 ` eggert at gnu dot org
  2005-08-26  6:07 ` eggert at gnu dot org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: eggert at gnu dot org @ 2005-08-26  5:54 UTC (permalink / raw)
  To: glibc-bugs-regex


------- Additional Comments From eggert at gnu dot org  2005-08-26 05:53 -------
Created an attachment (id=620)
 --> (http://sources.redhat.com/bugzilla/attachment.cgi?id=620&action=view)
alloca cleanup for regex


-- 


http://sources.redhat.com/bugzilla/show_bug.cgi?id=1245

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup
  2005-08-26  5:54 [Bug regex/1245] New: " eggert at gnu dot org
  2005-08-26  5:54 ` [Bug regex/1245] " eggert at gnu dot org
@ 2005-08-26  6:07 ` eggert at gnu dot org
  2005-09-06 20:26 ` drepper at redhat dot com
  2005-09-06 20:52 ` drepper at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: eggert at gnu dot org @ 2005-08-26  6:07 UTC (permalink / raw)
  To: glibc-bugs-regex


------- Additional Comments From eggert at gnu dot org  2005-08-26 06:07 -------
Created an attachment (id=621)
 --> (http://sources.redhat.com/bugzilla/attachment.cgi?id=621&action=view)
alloca cleanup for regex (revised)

Sorry, there was a stray underscore in the original patch:
_LIBC was misspelled as "__LIBC".  Here's a fixed version.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #620 is|0                           |1
           obsolete|                            |


http://sources.redhat.com/bugzilla/show_bug.cgi?id=1245

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup
  2005-08-26  5:54 [Bug regex/1245] New: " eggert at gnu dot org
  2005-08-26  5:54 ` [Bug regex/1245] " eggert at gnu dot org
  2005-08-26  6:07 ` eggert at gnu dot org
@ 2005-09-06 20:26 ` drepper at redhat dot com
  2005-09-06 20:52 ` drepper at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2005-09-06 20:26 UTC (permalink / raw)
  To: glibc-bugs-regex



-- 
Bug 1245 depends on bug 1241, which changed state.

Bug 1241 Summary: regex isn't compilable by g++; also, a dereferencing bug
http://sourceware.org/bugzilla/show_bug.cgi?id=1241

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

http://sourceware.org/bugzilla/show_bug.cgi?id=1245

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup
  2005-08-26  5:54 [Bug regex/1245] New: " eggert at gnu dot org
                   ` (2 preceding siblings ...)
  2005-09-06 20:26 ` drepper at redhat dot com
@ 2005-09-06 20:52 ` drepper at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2005-09-06 20:52 UTC (permalink / raw)
  To: glibc-bugs-regex


------- Additional Comments From drepper at redhat dot com  2005-09-06 20:52 -------
Applied to trunk.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=1245

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-06-13 10:53 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <bug-1245-132@http.sourceware.org/bugzilla/>
2014-06-13 10:53 ` [Bug regex/1245] regexec invokes alloca with unbounded size; plus alloca cleanup fweimer at redhat dot com
2005-08-26  5:54 [Bug regex/1245] New: " eggert at gnu dot org
2005-08-26  5:54 ` [Bug regex/1245] " eggert at gnu dot org
2005-08-26  6:07 ` eggert at gnu dot org
2005-09-06 20:26 ` drepper at redhat dot com
2005-09-06 20:52 ` drepper at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).