From: Eric Blake
To: cygwin AT cygwin DOT com
Date: Tue, 28 Nov 2006 20:00:41 -0700
Subject: FYI - bash crash due to asprintf bug
Message-ID: <456CF7D9.3090801@byu.net>

I found that I could crash bash due to an off-by-one bug in asprintf().

I will be submitting a patch to newlib shortly that both fixes the off-by-one behavior and reduces asprintf's use of realloc from quadratic to log-linear performance (i.e., calling realloc every time you add a byte is bad, compared to doubling the buffer size every time you call realloc). But that means that until the next cygwin release, all programs compiled against cygwin's asprintf are vulnerable.

--
Life is short - so eat dessert first!
Eric Blake ebb9 AT byu DOT net
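The two points in the message above, terminator accounting and realloc growth strategy, shown in a small growable buffer. This is an added example, not code from the post or from newlib, and it does not reproduce the actual asprintf defect, which the post does not detail. The `strbuf` type, the function names and the initial capacity of 16 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string buffer; names are illustrative, not newlib's. */
struct strbuf {
    char  *data;      /* NUL-terminated once non-NULL */
    size_t len;       /* bytes stored, excluding the terminator */
    size_t cap;       /* bytes allocated */
    size_t reallocs;  /* number of realloc() calls made */
};

/* Append one byte. doubling != 0 grows capacity geometrically; otherwise by
   exactly what is needed each time. Returns 0, or -1 if realloc fails. */
int strbuf_putc(struct strbuf *sb, char c, int doubling)
{
    /* Room for the stored bytes, the new byte, and the terminator. Dropping
       the terminator from this sum is the classic off-by-one. */
    size_t need = sb->len + 2;
    if (need > sb->cap) {
        size_t newcap = doubling ? (sb->cap ? sb->cap * 2 : 16) : need;
        char *p;
        if (newcap < need) newcap = need;
        p = realloc(sb->data, newcap);
        if (p == NULL) return -1;
        sb->data = p;
        sb->cap = newcap;
        sb->reallocs++;
    }
    sb->data[sb->len++] = c;
    sb->data[sb->len] = '\0';
    return 0;
}

/* Build an n-byte string; return the realloc() count, or (size_t)-1 on error. */
size_t count_reallocs(size_t n, int doubling)
{
    struct strbuf sb = {0};
    size_t i, calls = (size_t)-1;
    for (i = 0; i < n; i++)
        if (strbuf_putc(&sb, 'x', doubling) != 0) goto out;
    /* Invariant: the terminator lies inside the allocation. */
    if (n == 0 || (sb.len < sb.cap && strlen(sb.data) == n)) calls = sb.reallocs;
out:
    free(sb.data);
    return calls;
}

int main(void) { printf("%lu vs %lu\n", (unsigned long)count_reallocs(1000, 0), (unsigned long)count_reallocs(1000, 1)); return 0; }
```

Building a 1000-byte string costs one realloc per byte with exact-fit growth and seven with doubling. A 16-byte allocation holds 15 characters plus the terminator, so the 16th character is what triggers the next growth.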