|
Message-ID: <878qs6m68f.fsf@oldenburg.str.redhat.com> Date: Mon, 23 Dec 2024 22:36:48 +0100 From: Florian Weimer <fweimer@...hat.com> To: Yuri Gribov <tetra2005@...il.com> Cc: oss-security@...ts.openwall.com Subject: Re: Re: Out-of-bounds read & write in the glibc's qsort() * Yuri Gribov: > On Mon, Dec 23, 2024 at 8:47 PM Florian Weimer <fweimer@...hat.com> wrote: >> It's a bit odd that you disable reflexivity checks by default, but quite >> a few of the issues reported are in this category. > > I think back then I wanted to make default settings free of false > positives. Often sorted arrays may only contain unique elements and in > such cases reflexivity checks are useless. Are they? In the longstanding glibc quicksort implementation (usually hidden behind a merge sort), reflexivity was required to rediscover an element that the implementation assumed to be there and dependent upon for loop termination. Other quicksort implementations seem to have similar requirements. For monomorphizing implementations such as std::sort for C++ not doing the pointer (iterator) check actually makes sense from a performance perspective. Thanks, Florian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.