From: Florian Weimer
To: Paul Eggert
Cc: Zack Weinberg, Siddhesh Poyarekar, Vincent Lefevre, Xi Ruoyao, Adhemerval Zanella, Turritopsis Dohrnii Teo En Ming, GNU libc development, "ceo@teo-en-ming-corp.com"
Subject: Re: New GNU C Library (glibc) security flaw reported on 30 Jan 2024
In-Reply-To: <1b2e16dd-4acf-45da-9285-7c6ce0e0fea6@cs.ucla.edu> (Paul Eggert's message of "Sat, 6 Apr 2024 10:17:59 -0700")
Date: Mon, 08 Apr 2024 10:28:01 +0200
Message-ID: <87bk6k1coe.fsf@oldenburg.str.redhat.com>

* Paul Eggert:

> The @var{compare} function is used to perform the comparison. This > +function is called with arguments that point to the key and to an > +array element, in that order, and should return an > integer less than, equal to, or greater than zero corresponding to > +whether the key is considered less than, equal to, or greater than > +the array element. The function should not alter the array's contents, > +and the same array element should always compare the same way with the key.

I don't think the requirement described in the last line actually
exists. Some applications likely reuse the same key object to search
for different values, and the requirement might prohibit that (but it
is ambiguous).

Rest looks okay to me.

Thanks,
Florian
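
Review bot: In the last added line, "the same array element should always compare the same way with the key" does not say over what period the results must agree, and "the key" can be read as either the key object or the value it holds at the time of the call. If the intent is consistency within one search, the sentence should say so, for example "during a single search, comparing the key with a given array element should always give the same result". Separately, "should not alter the array's contents" in the line before it leaves open whether the comparison function may alter the key; if that is also disallowed, it would be worth stating next to the array restriction.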