Message-ID: <87zfkmmgvc.fsf@oldenburg.str.redhat.com>
Date: Mon, 23 Dec 2024 18:47:03 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Yuri Gribov <tetra2005@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: Out-of-bounds read & write in the glibc's qsort()

* Yuri Gribov:

> Even with very basic setup (semi-automatic testing of Debian packages,
> no fuzzing) the tool was able to find numerous bugs in open-source
> programs (see e.g.
> https://github.com/yugr/sortcheck?tab=readme-ov-file#what-are-current-results).
> I believe many (10x) more bugs are still out there, waiting for more
> patient testers.

It's a bit odd that you disable reflexivity checks by default, but quite
a few of the issues reported are in this category.

The prevalence of these defects matches what we saw with glibc when we
introduced an implementation that absolutely required that the
comparison function returns zero if passed equal elements. We had to
add explicit pointer equality checks in a couple of places to make it
work. (Of course, this was before we reverted back to merge sort.)

Thanks,
Florian
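
An added example, not part of the original message and not code from sortcheck or glibc: a small C checker that runs a `qsort()` comparison function over a sample array and reports which ordering rules it breaks, including the reflexivity case (`cmp(x, x)` must return zero) discussed above. The `struct item` type, both comparators, the flag names and the sample data are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

struct item { int key; };                       /* constructed record type */
static const struct item sample[] = { {3}, {1}, {2}, {1} };  /* constructed data */

/* Broken: never returns 0, so cmp(x, x) != 0 even for the same pointer. */
static int cmp_broken(const void *a, const void *b) {
    const struct item *x = a, *y = b;
    return x->key < y->key ? -1 : 1;
}

/* Three-way comparison; returns 0 for equal keys and cannot overflow. */
static int cmp_fixed(const void *a, const void *b) {
    const struct item *x = a, *y = b;
    return (x->key > y->key) - (x->key < y->key);
}

enum { CMP_OK = 0, NOT_REFLEXIVE = 1, NOT_ANTISYMMETRIC = 2, NOT_TRANSITIVE = 4 };

static int sign(int v) { return (v > 0) - (v < 0); }

/* Returns a bitmask of the ordering rules cmp violates on base[0..n-1]. */
static int check_comparator(const void *base, size_t n, size_t size,
                            int (*cmp)(const void *, const void *)) {
    const char *p = base;
    int bad = CMP_OK;
    for (size_t i = 0; i < n; i++) {
        const void *a = p + i * size;
        if (cmp(a, a) != 0) bad |= NOT_REFLEXIVE;
        for (size_t j = 0; j < n; j++) {
            const void *b = p + j * size;
            int ab = sign(cmp(a, b));
            if (i != j && ab != -sign(cmp(b, a))) bad |= NOT_ANTISYMMETRIC;
            for (size_t k = 0; k < n; k++) {
                const void *c = p + k * size;
                /* a <= b and b <= c must imply a <= c */
                if (ab <= 0 && sign(cmp(b, c)) <= 0 && sign(cmp(a, c)) > 0)
                    bad |= NOT_TRANSITIVE;
            }
        }
    }
    return bad;
}

int main(void) {
    size_t n = sizeof sample / sizeof sample[0];
    printf("broken: %d\n", check_comparator(sample, n, sizeof sample[0], cmp_broken));
    printf("fixed:  %d\n", check_comparator(sample, n, sizeof sample[0], cmp_fixed));
    return 0;
}
```

The check is cubic in the array length, so it suits small test samples rather than production data.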