Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240205155619.GA28587@localhost.localdomain>
Date: Mon, 5 Feb 2024 15:56:41 +0000
From: Qualys Security Advisory <qsa@...lys.com>
To: Solar Designer <solar@...nwall.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Adhemerval Zanella <adhemerval.zanella@...aro.org>
Subject: Re: Out-of-bounds read & write in the glibc's qsort()

Hi Solar, all,

On Sun, Feb 04, 2024 at 05:35:20PM +0100, Solar Designer wrote:
> It's so invasive I cannot easily tell whether qsort() remained robust
> after it or not.  There's no longer a "tmp_ptr != base_ptr &&" check.
> So, lacking known-working tests in glibc tree, we don't know about glibc
> 2.39's status with respect to this issue.

The "tmp_ptr != base_ptr" bounds check was originally added to the
_quicksort() function, but is not needed anymore in glibc 2.39 because
the old fallback to quick sort (the _quicksort() function) has been
completely removed and replaced by a fallback to heap sort.

Note, just in case: we have not reviewed the implementation of this new
fallback to heap sort.

> Great findings and excellent quality write-up from Qualys, as usual.

Thank you very much for your kind words!

With best regards,

-- 
the Qualys Security Advisory team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.