musl - Re: Some additional qsort patches

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <A1EA2BA9-80A4-42E7-B7DE-2800488C7A37@gmail.com>
Date: Sat, 25 Apr 2026 13:24:20 +0200
From: Bartosz Brachaczek <b.brachaczek@...il.com>
To: musl@...ts.openwall.com, David Sparks <sparks05@...ton.me>,
 "dalias@...ifal.cx" <dalias@...ifal.cx>
CC: "musl@...ts.openwall.com" <musl@...ts.openwall.com>,
 "mailto.luca.kellermann@...il.com" <mailto.luca.kellermann@...il.com>
Subject: Re: Some additional qsort patches

On April 25, 2026 9:01:49 AM GMT+02:00, David Sparks <sparks05@...ton.me> wrote:
>Suppose I have a 32-bit address space, and sort over 2^31 maliciously
>chosen bytes.
>
>In particular, suppose I have a heap consisting of L(43) + L(41)
>+ L(39) + ... + L(3) + L(1) (0x539d4bb9 + 0x1ff0186f + 0x0c32fd95
>+ ... + 6 + 1 = 0x874a7eed = 2,269,806,317‬ element), and I add one
>more element which will trinkle and sift all the way down to position 0.

The largest possible array on 32-bit is 2GB (PTRDIFF_MAX). I reported what I wrongly thought was a bug in the loop filling the lp array for ~3GB inputs privately to Rich and he pointed me to https://www.openwall.com/lists/musl/2016/01/09/2 

Bartosz

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.