Message-ID: <456CF7D9.3090801@byu.net>
Date: Tue, 28 Nov 2006 20:00:41 -0700
From: Eric Blake <ebb9@byu.net>
To: cygwin@cygwin.com
Subject: FYI - bash crash due to asprintf bug

I found that I could crash bash due to an off-by-one bug in asprintf().  I
will be submitting a patch to newlib shortly that both fixes the
off-by-one behavior and reduces asprintf's use of realloc from quadratic
to log-linear performance (i.e., calling realloc every time you add a byte
is bad, compared to doubling the buffer size every time you call realloc).
But that means that until the next cygwin release, all programs compiled
against cygwin's asprintf are vulnerable.

--
Life is short - so eat dessert first!

Eric Blake             ebb9@byu.net
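
Added example, not part of the message above and not newlib's code: a growable string buffer that counts realloc calls under the two growth policies the message contrasts, with a capacity check that always counts the terminating NUL. The message does not say where the off-by-one was, so the terminator accounting here only illustrates the general bug class; all names (sbuf, sbuf_putc, count_reallocs) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable string buffer; names are illustrative, not newlib's. */
struct sbuf {
    char  *data;      /* NUL-terminated once allocated */
    size_t len;       /* bytes in use, excluding the NUL */
    size_t cap;       /* bytes allocated */
    size_t reallocs;  /* number of realloc calls made */
};
enum growth { GROW_BY_ONE, GROW_DOUBLE };

/* Append one byte; returns 0 on success, -1 on overflow or allocation failure. */
static int sbuf_putc(struct sbuf *b, char c, enum growth policy)
{
    if (b->len > (size_t)-1 - 2) return -1;
    size_t need = b->len + 2;   /* the new byte plus the terminating NUL */
    if (need > b->cap) {
        size_t ncap = need;     /* GROW_BY_ONE: exactly what is needed */
        if (policy == GROW_DOUBLE) {
            ncap = b->cap ? b->cap : 16;
            while (ncap < need)
                ncap = (ncap > (size_t)-1 / 2) ? need : ncap * 2;
        }
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;   /* b->data is untouched and still valid */
        b->data = p;
        b->cap = ncap;
        b->reallocs++;
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';     /* always inside cap because need = len + 2 */
    return 0;
}
/* Build an n-byte string; return the realloc count, or -1 on failure. */
long count_reallocs(size_t n, enum growth policy)
{
    struct sbuf b = {0};
    for (size_t i = 0; i < n; i++)
        if (sbuf_putc(&b, 'x', policy) != 0) { free(b.data); return -1; }
    long r = (n == 0 || strlen(b.data) == n) ? (long)b.reallocs : -1;
    free(b.data);
    return r;
}
int main(void)
{
    printf("by-one: %ld, doubling: %ld\n", count_reallocs(1000, GROW_BY_ONE), count_reallocs(1000, GROW_DOUBLE));
    return 0;
}
```

For a 1000-byte string, growing by exactly what is needed calls realloc on every append, while doubling from a 16-byte start calls it only when the capacity is exhausted.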

