From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from wfhigh7-smtp.messagingengine.com (wfhigh7-smtp.messagingengine.com [64.147.123.158]) by sourceware.org (Postfix) with ESMTPS id 651733858D38 for ; Mon, 22 Apr 2024 15:31:27 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 651733858D38 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=owlfolio.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=owlfolio.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 651733858D38 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=64.147.123.158 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713799890; cv=none; b=NMqvfgzcw6F/Xm3CMSuDHcHTm+pPWayCxrqX7t5c/x6gUKOjMFuXsXmb2B1h4ysCYIN4JpzvhXsEATTQmWMUIGCQas954D2S308IbG0BfjrCKcpbC0pYlJ3kEuKF1x2RxmYC/yTsn0yzhGBRtuXrd9L9so4VB1eJ1rFuzwo2Xeo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713799890; c=relaxed/simple; bh=PnYVdWUPERS1f8H0jToN9/cNGkp7nGjOUHXFH6nNP0o=; h=DKIM-Signature:DKIM-Signature:MIME-Version:Message-Id:Date:From: To:Subject; b=HHTLNpCrCK4MprUwUJNw7pcGZ/ZipqC6sULpBcnQbma87jmPN5kqzfxl7hnjQxjDGPMO3fE8HnB2NuwqEja/gw0hyVcBfyw/En13Y5QNERldxAvU9DldIV6tDbJB0HjadnkhIE0R31P8XV0tbgIiBX/04QiV3J0OtdutEUgskY4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.west.internal (Postfix) with ESMTP id 5A17C1800101; Mon, 22 Apr 2024 10:39:31 -0400 (EDT) Received: from imap45 ([10.202.2.95]) by compute5.internal (MEProxy); Mon, 22 Apr 2024 10:39:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=owlfolio.org; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1713796770; x=1713883170; bh=dZXV5tEy3o 8m404J/Wavl7hIidtzWk4jUJRA66IoCMs=; b=mZfHFZSEuXo3EBKEN3afz6wbw7 KPJRq/FIrAcFIYSjuNvNudGKfRqKJlWDbAhQt2I7RrgXy4AWP/PoLUMrtlRHy9lR /MgGtpbV30rN+2UYQqMgdvDkCn86gX33EWwSBTQYEJgfL08Zp+FhnlJdmF4JwlZK CuePZZWBopmNqLGuhdP6Gk42z9vI7eVRXNa/EWu2ULmFBxM7WI1MoUojM75S5f5i Fat2yqvj029mr7wE2x4C4YOdJWeuya3KU6lwyMnoXBw1VWAEhGJ9yEJWNVro8Gjz XATVeSCFssVV98MDPNZYQ+pc2EaYLabcCFoRxuo8fM0rOXSQagNjxtVo6rJg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1713796770; x=1713883170; bh=dZXV5tEy3o8m404J/Wavl7hIidtz Wk4jUJRA66IoCMs=; b=Vk6gxesT0ySqYLyICRDIIcmzhJHrA/UE6Q93E7TMolBX G4V0yqj2dJakcoRonZwgLOM8wu9KOMbAB4DAFKkeAwNA7w9OCeM3R7VMYZSMucEe He1e7STpMU0Cjs6pjKL5bU6dOkRUxPuN7GzjHLW0vs3w95Z73B2fJT+JHU4VnJZs TZmJD9P1mZXSYy1AH9Ao83SIsbMAn2qUGM3XlQxw82fTMOw9LqezLdo4w9Iy1bqt B/Kgcq9vrv9gLgpyWpOZNIrkFJZjAx+agFIrWquxyGtPcQh0TTUvsWCDMAGwO7o/ oT7WfmT7dJyBN4J6Vy+pwsc8r1dlZZoRVRCu4kJw8Q== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudekledgkedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedfkggr tghkucghvghinhgsvghrghdfuceoiigrtghksehofihlfhholhhiohdrohhrgheqnecugg ftrfgrthhtvghrnhephfelfeehudfhleegheegjeevheeuieehvdfgueeuteetleeiieet heefhfeludeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepiigrtghksehofihlfhholhhiohdrohhrgh X-ME-Proxy: Feedback-ID: i876146a2:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 39A5E272007C; Mon, 22 Apr 2024 10:39:30 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-386-g4cb8e397f9-fm-20240415.001-g4cb8e397 MIME-Version: 1.0 Message-Id: <90ac2925-a833-4a2c-a7f7-9c28276b9222@app.fastmail.com> In-Reply-To: <87bk6k1coe.fsf@oldenburg.str.redhat.com> References: <20240131145555.GB2102@cventin.lip.ens-lyon.fr> <96521764f4636c9ea3f3089f369975c12fa8be77.camel@xry111.site> <20240201005155.GF3044@qaa.vinc17.org> <20240201090721.GH3044@qaa.vinc17.org> <5ea9eabb-f047-490f-abe9-43630d79c395@cs.ucla.edu> <7234533a-c8dd-4114-aa64-d4af3b138a3a@gotplt.org> <4d94a528-fe3f-413d-afa0-91a41f8371ff@app.fastmail.com> <1b2e16dd-4acf-45da-9285-7c6ce0e0fea6@cs.ucla.edu> <87bk6k1coe.fsf@oldenburg.str.redhat.com> Date: Mon, 22 Apr 2024 10:39:09 -0400 From: "Zack Weinberg" To: "Florian Weimer" , "Paul Eggert" Cc: "Siddhesh Poyarekar" , "Vincent Lefevre" , "Xi Ruoyao" , "Adhemerval Zanella" , "Turritopsis Dohrnii Teo En Ming" , "GNU libc development" , "ceo@teo-en-ming-corp.com" Subject: Re: New GNU C Library (glibc) security flaw reported on 30 Jan 2024 Content-Type: text/plain X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,JMQ_SPF_NEUTRAL,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Mon, Apr 8, 2024, at 4:28 AM, Florian Weimer wrote: > * Paul Eggert: >> the same array element should always compare the same way with >> the key. > > I don't think the requirement described in the last line actually > exists. Some applications likely reuse the same key object to search > for different values, and the requirement might prohibit that (but it > is ambiguous). I believe what Paul was trying to express here is that *during a single call to bsearch*, repeated calls to the comparison function with the same (key, element) pair should return the same result. In between calls to bsearch, the application is allowed to modify both the array and the key object, so there cannot be any expectation for the comparison function to return the same result for the same pair of *addresses* -- (&key, &element) -- on a second call to bsearch. I see how the quoted sentence could read that way, though, and I'm not sure how to fix it. zw