From: Paul Eggert
Organization: UCLA Computer Science Department
Date: Tue, 6 Feb 2024 13:30:57 -0800
Subject: Re: New GNU C Library (glibc) security flaw reported on 30 Jan 2024
To: Zack Weinberg, Siddhesh Poyarekar, Vincent Lefevre, Xi Ruoyao, Adhemerval Zanella, Turritopsis Dohrnii Teo En Ming, GNU libc development, "ceo@teo-en-ming-corp.com"

On 2/6/24 07:00, Zack Weinberg wrote:
> This sentence only makes sense to me because of what you said in the
> cover letter, about the array not being required to be totally
> ordered. I’d like to suggest instead

Good point about saying explicitly that the array need not be sorted. We
can add "Although the @var{array} need not be completely sorted,". Done
in the attached revised patch.

However, the paraphrase you sent was too generous, as it allowed the
array to be in completely random order if it had no matching element.
Although I think glibc bsearch works in that case, we're likely better
off sticking with POSIXish wording.

> Not related to what you wrote, but: A later paragraph says “the object
> addresses passed to the comparison function lie within the array,”
> and C2011 7.22.5p2 actually makes this a hard requirement: “The
> implementation shall ensure that both arguments [of the comparison
> function called by qsort] are pointers to elements of the array.”
> It looks to me like there are situations where our implementation
> doesn’t do this:

I don't see that in the glibc source. Are you sure about that?

If glibc qsort passes addresses outside the array to the comparison
function, then it's busted and should get fixed.

Attachment: 0001-Fix-bsearch-qsort-etc.-doc-to-match-POSIX-better.patch (text/x-patch)
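
The bsearch precondition discussed in the message above (the array need not be completely sorted, but must consist of all elements that compare less than, equal to, and greater than the key, in that order), as an added example that is not part of the thread or of glibc. The names `partitioned_for_key` and `find_int` and the sample arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* bsearch argument order: pointer to the key first, array element second. */
static int cmp_int(const void *key, const void *elem)
{
    int k = *(const int *)key, e = *(const int *)elem;
    return (k > e) - (k < e);
}

/* Hypothetical helper: 1 if the array consists of all elements that compare
   less than, equal to, and greater than the key, in that order; else 0.
   It is O(count), so it suits assertions and tests, not hot paths. */
static int partitioned_for_key(const void *key, const void *array,
                               size_t count, size_t size,
                               int (*cmp)(const void *, const void *))
{
    const char *p = array;
    int phase = 0;                 /* 0: less, 1: equal, 2: greater */
    for (size_t i = 0; i < count; i++, p += size) {
        int c = cmp(key, p);       /* c > 0: element is less than the key */
        int cls = c > 0 ? 0 : (c == 0 ? 1 : 2);
        if (cls < phase)
            return 0;              /* order went backwards */
        phase = cls;
    }
    return 1;
}

/* Hypothetical wrapper: index of a match, -1 if there is none, -2 if the
   precondition does not hold and the bsearch result would be unspecified. */
static long find_int(const int *a, size_t n, int key)
{
    if (!partitioned_for_key(&key, a, n, sizeof *a, cmp_int))
        return -2;
    const int *hit = bsearch(&key, a, n, sizeof *a, cmp_int);
    return hit ? (long)(hit - a) : -1;
}

/* Constructed sample data. */
static const int sample[] = { 3, 1, 2, 5, 9, 7, 8 };  /* unsorted, partitioned around 5 */
static const int shuffled[] = { 9, 1 };               /* no 5, yet not valid input for key 5 */

int main(void)
{
    printf("%ld %ld %ld\n", find_int(sample, 7, 5), find_int(sample, 7, 7),
           find_int(shuffled, 2, 5));
    return 0;
}
```

The `shuffled` case is the one the reply objects to in the looser paraphrase: there is no matching element, but the array is still rejected because it is not partitioned with respect to the key.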