bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: integer overflow in /bin/ls


From: Jim Meyering
Subject: Re: integer overflow in /bin/ls
Date: Mon, 13 Oct 2003 22:51:18 +0200

Paul Eggert <address@hidden> wrote:
> Georgi Guninski <address@hidden> writes:
>
>> The heap is quite screwed, but ls is killed by the kernel due to
>> memory usage.
>
> Thanks for reporting the bug.  As it happens, I had already been
> preparing a more general patch for address arithmetic overflow bugs in
> coreutils.  A patch for the 'ls' problem is enclosed below.  It causes
> 'ls' to immediately report "memory exhausted" for your example.  It
> also fixes a few other related bugs (notably on 64-bit hosts).
>
>> Probably ls should not accept big ints after -w.
>
> 'ls' could impose an arbitrary limit on column width, but that would
> run counter to the "no arbitrary limits" policy of GNU.
>
>> As a side effect this causes temporary DoS in wu-ftpd.
>
> Perhaps wu-ftpd can refuse to invoke 'ls' with the -w option, or with
> a -w option that wu-ftpd thinks would use too much memory.
>
>
> 2003-10-13  Paul Eggert  <address@hidden>
>
>       Fix address-arithmetic bug in 'ls', reported by Georgi Guninski.
>       Remove several arbitrary limits on hosts where int cannot represent
>       all size_t values.

Thanks, Paul!
I've applied that.

As you probably noticed, init_column_info allocates O(N^2)
space when ls is invoked with `--width=N' and -x or -C.
Eventually we may want to investigate change the algorithm, or --
failing that -- limit N.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]