[Bug 213922] crafted data could cause qsort to exhaust stack space

bugzilla-noreply at freebsd.org
Thu Dec 29 22:23:49 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213922

--- Comment #4 from Pedro F. Giffuni <pfg at FreeBSD.org> ---
(In reply to jhoward from comment #3)

Thanks for looking into it. I have just been too busy. BTW, if you could upload
a diff to bugzilla it would be much better.

You can check the standalone tests here:
https://svnweb.freebsd.org/base/stable/9/tools/regression/lib/libc/stdlib/

(Newer FreeBSD versions have integrated the regression tool into the
testsuite.) I think I had a random testcase with more datapoints somewhere to
verify the last commit.

And you can get VM images from ftp, for example here:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/VM-IMAGES/11.0-RELEASE/

About exploitability, it very much depends on where qsort() is used, opengrok
is your friend, and if you are able to realistically generate such a sequence. I
am aware there are cases where the algorithm can be suboptimal; it may be the
case that the algorithm needs revision (I just haven't seen a case in real
life).

-- 
You are receiving this mail because:
You are the assignee for the bug.

