<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body><span class="vcard"><a class="email" href="mailto:mustrumr97@gmail.com" title="Hristo Venev <mustrumr97@gmail.com>"> <span class="fn">Hristo Venev</span></a> </span> changed <a class="bz_bug_link bz_status_REOPENED " title="REOPENED - shared: strv can't have more than 4294967295 elements" href="https://bugs.freedesktop.org/show_bug.cgi?id=76745">bug 76745</a> <br> <table border="1" cellspacing="0" cellpadding="8"> <tr> <th>What</th> <th>Removed</th> <th>Added</th> </tr> <tr> <td style="text-align:right;">Status</td> <td>RESOLVED </td> <td>REOPENED </td> </tr> <tr> <td style="text-align:right;">Resolution</td> <td>WONTFIX </td> <td>--- </td> </tr></table> <p> <div> <b><a class="bz_bug_link bz_status_REOPENED " title="REOPENED - shared: strv can't have more than 4294967295 elements" href="https://bugs.freedesktop.org/show_bug.cgi?id=76745#c4">Comment # 4</a> on <a class="bz_bug_link bz_status_REOPENED " title="REOPENED - shared: strv can't have more than 4294967295 elements" href="https://bugs.freedesktop.org/show_bug.cgi?id=76745">bug 76745</a> from <span class="vcard"><a class="email" href="mailto:mustrumr97@gmail.com" title="Hristo Venev <mustrumr97@gmail.com>"> <span class="fn">Hristo Venev</span></a> </span></b> <pre># busctl --host=... OK, we're listing all names. An eternity and a half later: Enter strv_push ...| // n = (1<<32) - 2 402| c = realloc(*l, sizeof(char*) * (n + 2)); ...| // *l is freed, malloc(0) (16 bytes allocated in glibc). ...| ... 406| c[n] = value; ...| Write into unallocated memory Therefore, either strv functions must fail properly if the strv is too large (1<<16 is reasonable) or they must work with sizes up to SIZE_MAX/sizeof(char*).</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the QA Contact for the bug.</li> <li>You are the assignee for the bug.</li> </ul> </body> </html>