Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 2 May 2024 20:34:37 +0000 (UTC)
From: Joseph Myers <josmyers@...hat.com>
To: Alejandro Colomar <alx@...nel.org>
cc: Rich Felker <dalias@...c.org>, Leah Neukirchen <leah@...u.org>, 
    musl@...ts.openwall.com, libc-alpha@...rceware.org, 
    Richard Russon <rich@...tcap.org>
Subject: Re: gcvt(3) should be MT-Safe, AS-Safe, AC-Safe

On Thu, 2 May 2024, Alejandro Colomar wrote:

> > > dprintf is also AS-safe (as intended by its creator; this was
> > > discussed on the glibc list a few years back)
> 
> I've been digging into the archives, and found it:
> <https://inbox.sourceware.org/libc-alpha/20130925180327.0351F2C097@topped-with-meat.com/>
> 
> But then it seems that, at least in 2013, it wasn't AS-safe:
> <https://inbox.sourceware.org/libc-alpha/20130925212954.GQ20515@brightrain.aerifal.cx/>
> 
> It would be interesting to know the status as of today (if I have to
> guess, I'd bet it's unsafe), and also if there could be any guarantees
> that at least a subset of dprintf(3) was guaranteed to be AS-safe (e.g.,
> ignoring '$', wide-char, ...).

Floating-point printf still uses malloc (with essentially unbounded size, 
although logically it should be possible to bound the size since no 
supported floating-point format can have more than 4933 decimal digits 
before the decimal point or 16494 after it - anything outside that range 
must be zero and so shouldn't need memory allocation); see bug 21127.  
There may also be other places where malloc is called, beyond the ones for 
temporary storage of formatted output.  The commit message for commit 
6caddd34bd7ffb5ac4f36c8e036eee100c2cc535 (which removed some unnecessary 
allocation logic) lists various relevant bugs in more detail.

-- 
Joseph S. Myers
josmyers@...hat.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.