oss-sec mailing list archives
Re: Re: Out-of-bounds read & write in the glibc's qsort()
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 23 Dec 2024 18:47:03 +0100
* Yuri Gribov:
Even with very basic setup (semi-automatic testing of Debian packages, no fuzzing) the tool was able to find numerous bugs in open-source programs (see e.g. https://github.com/yugr/sortcheck?tab=readme-ov-file#what-are-current-results). I believe many (10x) more bugs are still out there, waiting for more patient testers.
It's a bit odd that you disable reflexivity checks by default, but quite a few of the issues reported are in this category. The prevalence of these defects matches what we saw with glibc when we introduced an implementation that absolutely required that the comparison function returns zero if passed equal elements. We had to add explicit pointer equality checks in a couple of places to make it work. (Of course, this was before we reverted back to merge sort.)

Thanks,
Florian
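The reflexivity property discussed in the message above, as an added example; it is not part of the original message and is not code from glibc or sortcheck. The record type, the sample data and the helpers `count_irreflexive` and `checked_sort` are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed sample record; not taken from glibc or sortcheck. */
struct rec { int key; const char *name; };

/* Defective comparator: never returns 0, so cmp(x, x) != 0. */
static int cmp_broken(const void *a, const void *b)
{
    const struct rec *x = a, *y = b;
    return x->key < y->key ? -1 : 1;
}

/* Corrected comparator: three-way result, 0 for equal keys. */
static int cmp_fixed(const void *a, const void *b)
{
    const struct rec *x = a, *y = b;
    return (x->key > y->key) - (x->key < y->key);
}

/* Hypothetical helper: count elements e for which cmp(e, e) != 0. */
static size_t count_irreflexive(const void *base, size_t n, size_t size,
                                int (*cmp)(const void *, const void *))
{
    const unsigned char *p = base;
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (cmp(p + i * size, p + i * size) != 0)
            bad++;
    return bad;
}

/* Constructed sample input. */
static struct rec sample[] = { {3, "c"}, {1, "a"}, {3, "d"}, {2, "b"} };
#define NSAMPLE (sizeof sample / sizeof sample[0])

/* Check reflexivity first; sort only if the comparator passes.
 * Returns the number of reflexivity violations found. */
static size_t checked_sort(int (*cmp)(const void *, const void *))
{
    size_t bad = count_irreflexive(sample, NSAMPLE, sizeof sample[0], cmp);
    if (bad == 0)
        qsort(sample, NSAMPLE, sizeof sample[0], cmp);
    return bad;
}

int main(void)
{
    return checked_sort(cmp_broken) == NSAMPLE && checked_sort(cmp_fixed) == 0 ? 0 : 1;
}
```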
