Message-ID: <adhr1qgVzeLpqdNU@mail.gmail.com>
Date: Fri, 10 Apr 2026 05:17:42 +0200
From: Luca Kellermann <mailto.luca.kellermann@...il.com>
To: Hankins <546824250@...com>
Cc: musl@...ts.openwall.com
Subject: Re: qsort core dump with 20,000,000 elements on 32-bit systems

On Thu, Apr 09, 2026 at 03:21:49PM +0800, Hankins wrote:
> Sorry, I should have described it in more detail.
> I discovered the issue while testing on a 32-bit system: when the
> number of elements sorted by qsort exceeds 18454930, a core dump
> occurs; otherwise, it does not.

I was trying to understand musl's qsort() a few weeks ago (by reading
Keith Schwarz's explanation [1] and Dijkstra's original paper [2]) and
I found some bugs back then that might explain your issue. I just
haven't gotten around to reporting them yet but your mail encouraged
me to do that now :)

Description and fixes of two bugs attached.

Are your 32-bit systems Arm or PowerPC by any chance? If so, see the
commit message of the first attached patch for where the number
18454930 might come from.

Luca

[1] https://www.keithschwarz.com/smoothsort/
[2] https://www.cs.utexas.edu/~EWD/ewd07xx/EWD796a.PDF

View attachment "0001-qsort-fix-pntz-for-p-0-1.patch" of type "text/x-diff" (2145 bytes)

View attachment "0002-qsort-fix-shift-UB-in-shl-and-shr.patch" of type "text/x-diff" (1282 bytes)
