Re: glibc segfault on "special" long double values is _ok_!?

From: Paul Mackerras
Subject: Re: glibc segfault on "special" long double values is _ok_!?
Date: Thu, 7 Jun 2007 08:51:42 +1000

Andreas Schwab writes:

> Jim Meyering <address@hidden> writes:
> > I'm interested, because I don't want my applications to segfault on such
> > inputs.  Sure it may look a little far-fetched, but I think it's not.
> > Imagine such a bit pattern being injected into a network data stream
> > that is then printed as a long double.  Just printing an arbitrary
> > "long double" should not make a server vulnerable to a DoS attack.
> In which way is this different from passing NULL to strlen?

In that long doubles are scalar values while strlen's argument is a
pointer value.  In general with scalars there is no value whose
meaning or effect is undefined, unlike pointers.

If glibc can indeed be made to segfault just by doing printf on some
particular long double value then I think that is worth reporting as a
security vulnerability.
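
A defensive check for the scenario quoted above (an untrusted bit pattern that ends up printed as a long double), added here as an example and not code from this thread or from glibc: classify the raw bytes before they are ever treated as a floating-point value. It assumes the value arrives in the x87 80-bit extended format and that non-canonical encodings are the ones to reject; `ld_classify`, `ld_format_untrusted` and the sample arrays are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the wire value is an x87 80-bit extended-precision number in
   little-endian order: bytes 0-7 hold the 64-bit significand (bit 63 is the
   explicit integer bit), bytes 8-9 hold the 15-bit exponent and the sign. */
enum ld_class { LD_ZERO, LD_DENORMAL, LD_NORMAL, LD_INF, LD_NAN,
                /* encodings an x87 FPU never produces as a result: */
                LD_PSEUDO_DENORMAL, LD_UNNORMAL, LD_PSEUDO_INF, LD_PSEUDO_NAN };

/* Constructed samples: 1.0, and 1.0's exponent with the integer bit cleared. */
const unsigned char SAMPLE_ONE[10]      = {0, 0, 0, 0, 0, 0, 0, 0x80, 0xff, 0x3f};
const unsigned char SAMPLE_UNNORMAL[10] = {1, 0, 0, 0, 0, 0, 0, 0x00, 0xff, 0x3f};

/* Classify from the raw bytes only; no floating-point load is performed. */
enum ld_class ld_classify(const unsigned char b[10])
{
    uint64_t sig = 0;
    for (int i = 7; i >= 0; i--)
        sig = (sig << 8) | b[i];
    unsigned e = ((unsigned)(b[9] & 0x7f) << 8) | b[8];  /* sign bit masked off */
    int int_bit = (int)(sig >> 63);
    uint64_t frac = sig & 0x7fffffffffffffffULL;

    if (e == 0) {
        if (int_bit) return LD_PSEUDO_DENORMAL;
        return frac ? LD_DENORMAL : LD_ZERO;
    }
    if (e == 0x7fff) {
        if (int_bit) return frac ? LD_NAN : LD_INF;
        return frac ? LD_PSEUDO_NAN : LD_PSEUDO_INF;
    }
    return int_bit ? LD_NORMAL : LD_UNNORMAL;
}

/* Hypothetical wrapper: returns -1 instead of formatting a non-canonical
   encoding, or when the host long double is not the x87 format. */
int ld_format_untrusted(const unsigned char b[10], char *out, size_t n)
{
    if (ld_classify(b) > LD_NAN)
        return -1;
#if defined(__x86_64__) || defined(__i386__)
    long double v = 0;
    memcpy(&v, b, 10);
    return snprintf(out, n, "%Lg", v);
#else
    (void)out; (void)n;
    return -1;
#endif
}
```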
