public inbox for glibc-bugs@sourceware.org
* [Bug libc/16038] New: A very large alignment value causes memalign/posix_memalign to loop forever
From: will.newton at gmail dot com @ 2013-10-10  7:54 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16038

            Bug ID: 16038
           Summary: A very large alignment value causes
                    memalign/posix_memalign to loop forever
           Product: glibc
           Version: 2.18
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: will.newton at gmail dot com
                CC: drepper.fsp at gmail dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.



* [Bug libc/16038] A very large alignment value causes memalign/posix_memalign to loop forever
From: will.newton at gmail dot com @ 2013-10-10  7:55 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16038

--- Comment #1 from Will Newton <will.newton at gmail dot com> ---

Passing a very large value for the alignment parameter of
memalign/posix_memalign causes _int_memalign to enter an infinite loop, e.g.:

memalign(-1, 0x1000);


* [Bug libc/16038] A very large alignment value causes memalign/posix_memalign to loop forever
From: cvs-commit at gcc dot gnu.org @ 2013-10-30 21:46 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=16038

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
       via  a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd (commit)
      from  c6e4925d4069d38843c02994ffd284e8c87c8929 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd

commit a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd
Author: Will Newton <will.newton@linaro.org>
Date:   Thu Oct 10 13:17:13 2013 +0100

    malloc: Fix for infinite loop in memalign/posix_memalign.

    A very large alignment argument passed to memalign/posix_memalign
    causes _int_memalign to enter an infinite loop. Limit the maximum
    alignment value to the maximum representable power of two to
    prevent this from happening.

    Changelog:

    2013-10-30  Will Newton  <will.newton@linaro.org>

        [BZ #16038]
        * malloc/hooks.c (memalign_check): Limit alignment to the
        maximum representable power of two.
        * malloc/malloc.c (__libc_memalign): Likewise.
        * malloc/tst-memalign.c (do_test): Add test for very
        large alignment values.
        * malloc/tst-posix_memalign.c (do_test): Likewise.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |   10 ++++++++++
 malloc/hooks.c              |    8 ++++++++
 malloc/malloc.c             |    8 ++++++++
 malloc/tst-memalign.c       |   15 +++++++++++++++
 malloc/tst-posix_memalign.c |   10 ++++++++++
 5 files changed, 51 insertions(+), 0 deletions(-)

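Added example, not part of the thread and not glibc's code: a model of the failure and of the limit the commit message describes. It assumes the loop in question is a doubling round-up to the next power of two; MIN_ALIGN and both function names are made up for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed minimum alignment for this model; not taken from glibc. */
#define MIN_ALIGN ((size_t)16)

/* Unguarded model: double `a` until it reaches `alignment`.
   Returns the number of doublings, or -1 once `a` wraps to 0; from that
   point `a < alignment` is always true and the real loop never exits. */
int roundup_unguarded(size_t alignment, size_t *out)
{
    size_t a = MIN_ALIGN;
    int steps = 0;
    while (a < alignment) {
        a <<= 1;
        steps++;
        if (a == 0)   /* top bit shifted out: stop the model here */
            return -1;
    }
    *out = a;
    return steps;
}

/* Guarded model: refuse anything above the largest power of two that
   fits in size_t (SIZE_MAX / 2 + 1), then round up as before. */
int roundup_guarded(size_t alignment, size_t *out)
{
    if (alignment > SIZE_MAX / 2 + 1)
        return EINVAL;
    size_t a = MIN_ALIGN;
    while (a < alignment)
        a <<= 1;
    *out = a;
    return 0;
}

int main(void)
{
    size_t r = 0;
    size_t samples[] = { 4096, 5000, SIZE_MAX / 2 + 1, SIZE_MAX / 2 + 2, (size_t)-1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int u = roundup_unguarded(samples[i], &r);
        int g = roundup_guarded(samples[i], &r);
        printf("%#zx: unguarded=%s guarded=%s\n", samples[i],
               u < 0 ? "wraps to 0" : "ok", g ? "EINVAL" : "ok");
    }
    return 0;
}
```

The last two samples are the interesting ones: any request above SIZE_MAX / 2 + 1 has no power of two at or above it, so the unguarded loop can only end by wrapping.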

* [Bug libc/16038] A very large alignment value causes memalign/posix_memalign to loop forever
From: will.newton at gmail dot com @ 2013-10-30 21:53 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16038

Will Newton <will.newton at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Will Newton <will.newton at gmail dot com> ---

Fixed in a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.


* [Bug libc/16038] A very large alignment value causes memalign/posix_memalign to loop forever
From: fweimer at redhat dot com @ 2014-06-13 12:40 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=16038

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-

--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
The alignment should come from a trusted source, so this does not cross a trust
boundary and is not a security vulnerability.
