This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] vfprintf: validate nargs and maybe allocate from heap
On Tue, Feb 14, 2012 at 04:39:12PM -0600, Ryan S. Arnold wrote:
> On Tue, Feb 14, 2012 at 4:30 PM, Kees Cook <email@example.com> wrote:
> > On Tue, Feb 14, 2012 at 04:20:17PM -0600, Ryan S. Arnold wrote:
> >> Currently I'm testing PowerPC 64-bit and bug-vfprintf-nargs is getting
> >> killed by the skeleton code due to a timeout before the expected
> >> SEGV happens.
> > Hrm, I wonder if this timeout is from it allocating giant memory region
> > using a layout that actually allows it without crashing into other things.
> > (i.e. x86_64 would always very rapidly crash, but I don't know about
> > ppc's layout.)
> I'm not terribly familiar with how large allocations are handled.
> Eventually it DOES crash if given a large enough TIMEOUTFACTOR.

I'd rather avoid trying to test variable behavior. Better to do what was
intended: ignore the 64-bit case.

> >> Of course, on a system that's not under loader this may SEGV before
> >> the timeout is hit and SIGALRM is raised.
> > Perhaps under 64-bit, it should just skip the test entirely? The 64-bit
> > case is meaningless anyway.
> If that's desired then you'd remove the assignment of the testcase to
> 'tests' in stdio-common/Makefile and put it here:
>
> ifeq ($(subdir),stdio-common)
> tests += bug-vfprintf-nargs
> endif
>
> Perhaps someone else has an opinion on this?

I'm happy to do either -- the test contains 2 tiny "are things terribly
broken?" checks that are arch-agnostic, so I could see leaving it in the
general test list too. I'm happy to do either.
Kees Cook @outflux.net