[Bug libc/5346] gettext crashes when a very long string is passed as argument and the stack size is limited

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "bruno at clisp dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/5346] gettext crashes when a very long string is passed as argument and the stack size is limited
Date: Fri, 16 Nov 2007 01:36:00 -0000	[thread overview]
Message-ID: <20071116013624.20178.qmail@sourceware.org> (raw)
In-Reply-To: <20071116012223.5346.bruno@clisp.org>

------- Additional Comments From bruno at clisp dot org  2007-11-16 01:36 -------
Created an attachment (id=2092)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=2092&action=view)
patch that fixes the bug

The cause of the bug is in dcigettext.c, the alloca() call, whose size is
computed as <fixed> + strlen (msgid1). A possible fix would be use malloc()
instead of alloca() when the size is > 4000. But in this case it is possible
to get away with a bounded-size allocation. This is better because the input
string does not have to be copied at all.

The attached patch has been verified to fix the bug in the intl/ package of GNU

gettext. I expect that it also fixes the bug when applied inside glibc. The
patch is relative to the glibc CVS as of today.

You might also want to add the test case to the test suite.

-- 

http://sourceware.org/bugzilla/show_bug.cgi?id=5346

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

next prev parent reply	other threads:[~2007-11-16  1:36 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-16  1:22 [Bug libc/5346] New: " bruno at clisp dot org
2007-11-16  1:24 ` [Bug libc/5346] " bruno at clisp dot org
2007-11-16  1:36 ` bruno at clisp dot org [this message]
2007-11-16  3:05 ` ismail at pardus dot org dot tr
2007-11-16  3:10 ` bruno at clisp dot org
2007-11-17  7:38 ` drepper at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071116013624.20178.qmail@sourceware.org \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=glibc-bugs@sources.redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).