Message-ID: <CAJOtW+4R0WUFMV=XMHAy2ZX-idzP=1156hrRe2TMFio6WB_sAg@mail.gmail.com>
Date: Tue, 24 Dec 2024 07:35:44 +0300
From: Yuri Gribov <tetra2005@...il.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: Out-of-bounds read & write in the glibc's qsort()

On Tue, Dec 24, 2024 at 12:36 AM Florian Weimer <fweimer@...hat.com> wrote:
> > On Mon, Dec 23, 2024 at 8:47 PM Florian Weimer <fweimer@...hat.com> wrote:
> >> It's a bit odd that you disable reflexivity checks by default, but quite
> >> a few of the issues reported are in this category.
> >
> > I think back then I wanted to make default settings free of false
> > positives. Often sorted arrays may only contain unique elements and in
> > such cases reflexivity checks are useless.
>
> Are they?  In the longstanding glibc quicksort implementation (usually
> hidden behind a merge sort), reflexivity was required to rediscover an
> element that the implementation assumed to be there and depended upon
> for loop termination.

Interesting. I remember being told on the GCC mailing list (or was it
IRC?) that qsort implementations typically will not compare an element to
itself.

See also https://gcc.gnu.org/pipermail/gcc/2018-January/225098.html

-Y
