[systemd-bugs] [Bug 76745] shared: strv can't have more than 4294967295 elements
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Oct 13 09:32:18 PDT 2014
https://bugs.freedesktop.org/show_bug.cgi?id=76745
Hristo Venev <mustrumr97 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |---
--- Comment #4 from Hristo Venev <mustrumr97 at gmail.com> ---
# busctl --host=...
OK, we're listing all names. An eternity and a half later:
Enter strv_push
...| // n = (1<<32) - 2
402| c = realloc(*l, sizeof(char*) * (n + 2));
...| // *l is freed, malloc(0) (16 bytes allocated in glibc).
...| ...
406| c[n] = value;
...| Write into unallocated memory
Therefore, either strv functions must fail properly if the strv is too large
(1<<16 is reasonable) or they must work with sizes up to
SIZE_MAX/sizeof(char*).
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20141013/5f79878e/attachment.html>
More information about the systemd-bugs
mailing list