public inbox for glibc-bugs@sourceware.org
* [Bug malloc/14483] New: obstack uses int for allocation sizes
From: jsm28 at gcc dot gnu.org @ 2012-08-16 22:23 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=14483

             Bug #: 14483
           Summary: obstack uses int for allocation sizes
           Product: glibc
           Version: 2.16
            Status: NEW
          Severity: normal
          Priority: P2
         Component: malloc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: jsm28@gcc.gnu.org
    Classification: Unclassified


The obstack code uses int throughout as a type to store and return sizes of
memory allocations.  It should use size_t to avoid arbitrary limits on the size
of objects (or incorrect returns in the case of obstack_memory_used).

I don't know offhand if fixing this will require new symbol versions for
obstack functions and a change to _GNU_OBSTACK_INTERFACE_VERSION.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



* [Bug malloc/14483] obstack uses int for allocation sizes
From: schwab@linux-m68k.org @ 2013-01-09 16:52 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=14483

--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> 2013-01-09 16:52:00 UTC ---
The obstack interface was last incompatibly changed in 2006 when Paul Eggert's
alignment changes were merged.  _GNU_OBSTACK_INTERFACE_VERSION should be
abandoned completely.


* [Bug malloc/14483] obstack uses int for allocation sizes
From: neleai at seznam dot cz @ 2013-10-20 21:08 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Ondrej Bilka <neleai at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |neleai at seznam dot cz
           Severity|normal                      |enhancement

--- Comment #2 from Ondrej Bilka <neleai at seznam dot cz> ---
Returning a stack size as size_t could be feasible. However, extending arguments
from ints is nonsense; obstack is used for quick allocation of a lot of small
objects. You can have only a few large objects until you run out of memory. Also,
returning huge chunks of memory to the system looks better than keeping them in
obstack.


* [Bug malloc/14483] obstack uses int for allocation sizes
From: fweimer at redhat dot com @ 2014-06-17 18:36 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com


* [Bug malloc/14483] obstack uses int for allocation sizes
From: fweimer at redhat dot com @ 2014-06-25 10:49 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-


* [Bug malloc/14483] obstack uses int for allocation sizes
From: amodra at gmail dot com @ 2014-07-24  7:01 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Alan Modra <amodra at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |amodra at gmail dot com
           Assignee|unassigned at sourceware dot org   |amodra at gmail dot com

--- Comment #3 from Alan Modra <amodra at gmail dot com> ---
Using int for sizes in the current obstack code is also a security breach, a
buffer overflow on steroids.  A default buffer of around 4k is seen as
sufficiently large to write a 2G+ object.  This is true for both 32-bit and
64-bit targets.

See https://sourceware.org/bugzilla/show_bug.cgi?id=17133


* [Bug malloc/14483] obstack uses int for allocation sizes
From: fweimer at redhat dot com @ 2014-08-04 11:19 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Alan Modra from comment #3)
> Using int for sizes in the current obstack code is also a security breach, a
> buffer overflow on steroids.  A default buffer of around 4k is seen as
> sufficiently large to write a 2G+ object..  This is true for both 32-bit and
> 64-bit targets.
> 
> See https://sourceware.org/bugzilla/show_bug.cgi?id=17133

I think this is a bug in the caller, not in obstack.  But it's an easy mistake
to make, and I consider the use of int for memory region sizes to be bad
practice which should be avoided.  Unfortunately, it's difficult to change
legacy APIs.

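Added example, not part of the thread and not glibc's obstack code: a simplified C model of the size handling discussed in comments #3 and #4, showing how a room check done on an int length accepts a 2G+ request against a 4k chunk while the same check kept in size_t rejects it. The names arena, wrap_to_int, fits_with_int and fits_with_size_t are hypothetical, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_SIZE 4096u /* the "default buffer of around 4k" from comment #3 */

/* Hypothetical bump-allocator state: a model, not glibc's struct obstack. */
struct arena { size_t used, limit; };

/* size_t -> 32-bit int with wraparound, spelled out so it is well defined
   (the plain cast is implementation-defined; GCC wraps the same way). */
static int wrap_to_int(size_t n)
{
    uint32_t low = (uint32_t)n;
    if (low <= (uint32_t)INT_MAX)
        return (int)low;
    return (int)((int64_t)low - 4294967296LL);
}

/* Weak room check: the length travels through an int, so a 2G+ request
   turns negative and the signed sum stays below the chunk limit. */
static int fits_with_int(const struct arena *a, size_t requested)
{
    int len = wrap_to_int(requested);
    return (int64_t)a->used + len <= (int64_t)a->limit;
}

/* Hardened room check: stay in size_t and compare against the remaining
   room (relies on the invariant used <= limit). */
static int fits_with_size_t(const struct arena *a, size_t requested)
{
    return requested <= a->limit - a->used;
}

int main(void)
{
    struct arena a = { 100, CHUNK_SIZE };
    size_t sizes[] = { 1000, 5000, (size_t)INT_MAX + 17 }; /* constructed */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("request %zu: int check=%d size_t check=%d\n", sizes[i],
               fits_with_int(&a, sizes[i]), fits_with_size_t(&a, sizes[i]));
    return 0;
}
```

The two checks agree on the ordinary requests and differ only on the request above INT_MAX, which is the case a caller holding a size_t length cannot see once it is passed through an int parameter.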

* [Bug malloc/14483] obstack uses int for allocation sizes
From: amodra at gmail dot com @ 2014-12-10 13:02 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Alan Modra <amodra at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://sourceware.org/ml/libc-alpha/2014-10/msg00683.html


* [Bug malloc/14483] obstack uses int for allocation sizes
From: amodra at gmail dot com @ 2024-04-24  7:04 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14483

Alan Modra <amodra at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|amodra at gmail dot com            |
