Message-ID: <87zfkmmgvc.fsf@oldenburg.str.redhat.com>
Date: Mon, 23 Dec 2024 18:47:03 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Yuri Gribov <tetra2005@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: Out-of-bounds read & write in the glibc's
 qsort()

* Yuri Gribov:

> Even with very basic setup (semi-automatic testing of Debian packages,
> no fuzzing) the tool was able to find numerous bugs in open-source
> programs (see e.g.
> https://github.com/yugr/sortcheck?tab=readme-ov-file#what-are-current-results).
> I believe many (10x) more bugs are still out there, waiting for more
> patient testers.

It's a bit odd that you disable reflexivity checks by default, but quite
a few of the issues reported are in this category.

The prevalence of these defects matches what we saw with glibc when we
introduced an implementation that absolutely required that the
comparison function returns zero if passed equal elements.  We had to
add explicit pointer equality checks in a couple of places to make it
work.  (Of course, this was before we reverted back to merge sort.)

Thanks,
Florian
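
Added example, not part of the original message and not code from sortcheck or glibc: a minimal C check for the comparator property discussed above, that `cmp(x, x)` returns zero, plus the related antisymmetry property. The function names and the sample array are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*cmp_fn)(const void *, const void *);

/* Constructed sample input with one duplicated value (3). */
static const int sample[] = {3, 1, 3, 2};
enum { SAMPLE_N = sizeof sample / sizeof sample[0] };

/* Defective comparator: never returns 0, so cmp(x, x) != 0. */
static int cmp_int_broken(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return x < y ? -1 : 1;
}

/* Corrected comparator: three-way result, 0 for equal elements. */
static int cmp_int_ok(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Reflexivity: cmp(p, p) must be 0 for every element (same pointer twice). */
size_t reflexivity_violations(const void *base, size_t n, size_t size, cmp_fn cmp) {
    const char *p = base;
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += cmp(p + i * size, p + i * size) != 0;
    return bad;
}

/* Antisymmetry: sign(cmp(a, b)) must equal -sign(cmp(b, a)) for each pair. */
size_t antisymmetry_violations(const void *base, size_t n, size_t size, cmp_fn cmp) {
    const char *p = base;
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            bad += sign(cmp(p + i * size, p + j * size)) !=
                   -sign(cmp(p + j * size, p + i * size));
    return bad;
}

int main(void) {
    printf("broken: reflexivity=%zu antisymmetry=%zu\n",
           reflexivity_violations(sample, SAMPLE_N, sizeof(int), cmp_int_broken),
           antisymmetry_violations(sample, SAMPLE_N, sizeof(int), cmp_int_broken));
    return 0;
}
```

On the constructed input the defective comparator fails reflexivity for every element, and fails antisymmetry only for the duplicated pair, which is why such defects stay hidden until a sort implementation actually compares equal elements.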
