Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 Jun 2017 15:57:22 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Is not memory allocation failure a bug?

On Thu, 8 Jun 2017, Qhdwns123 wrote:

> HI
>
> I found a memory allocation failure and reported it to the developer.
>
> But in the process of communicating, they are not bugs.
>
> Do you have experience similar to me?

Memory allocation failures are normal since there are always finite 
memory resources and requests may be based on the amount of work to be 
performed.  If a memory allocation failure can be unreasonably induced 
(e.g. a 100 byte input file consumes 100 GB of memory) and the 
impacted software (or whole system) is expected to remain running 
continually in order to provide service for many users, then there 
would be a denial of service opportunity, which could be serious.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.