This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: FYI - bash crash due to asprintf bug


Robbie Gates <robbie <at> m8s.org> writes:

> 
> > reduces asprintf's use of realloc from quadratic
> > to log-linear performance (ie. calling realloc every time you add a byte
> > is bad, compared to doubling the buffer size every time you call realloc).
> 
> Just out of interest, note that a size increase of 50% (i.e. new size
> = (3*oldsize)/2) has better properties for certain memory managers, as
> opposed to doubling. It has the same asymptotic complexity improvement
> as doubling. Roughly speaking, any factor less than the golden ratio
> (1+sqrt(5))/2 is good, but 1.5 is (a) cheaply obtained on most cpu
> architectures, and (b) leaves a little space in case the memory
> manager adds some overhead. See http://tinyurl.com/yd5669 for details.

Thanks for the advice.  Here's the patch I submitted:
http://sourceware.org/ml/newlib/2006/msg00931.html

The full vulnerability is that on cygwin, any program that uses asprintf with 
cygwin 1.5.22 or earlier, where the result of asprintf is a multiple of 4 but 
not 8 and is greater than 1024, will corrupt the heap.  I'm now debating 
whether it is worth spinning another version of bash that works around this bug 
(by faking out bash's configure to not discover the broken asprintf, so that 
bash then uses its non-buggy replacement asprintf), or just waiting for the 
next cygwin version to come out.

-- 
Eric Blake
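As an added illustration of the two points in this thread (the growth factor used when an output buffer is resized, and sizing an asprintf result from vsnprintf rather than guessing), here is a small C example written for this page. It is not newlib's asprintf, not the submitted patch, and not Cygwin code; `growbuf`, `reallocs_geometric`, `reallocs_per_byte`, `my_asprintf` and `my_asprintf_width` are hypothetical names chosen here. It counts realloc calls under 3/2 growth versus one realloc per byte, and its asprintf replacement allocates exactly n+1 bytes after measuring, which is the kind of replacement a configure check falls back to when the platform's asprintf is rejected:

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string buffer (hypothetical type, not newlib's). */
struct growbuf {
    char *data;
    size_t len;       /* bytes used, excluding the terminating NUL */
    size_t cap;       /* bytes allocated */
    size_t reallocs;  /* realloc calls so far, to measure the growth strategy */
};

/* Ensure room for `need` bytes, growing by 3/2: new = old + old/2 in integer
 * arithmetic (one shift and one add, the "cheap on most cpus" point above). */
static int growbuf_reserve(struct growbuf *b, size_t need)
{
    if (need <= b->cap) return 0;
    size_t ncap = b->cap ? b->cap : 16;
    while (ncap < need) ncap += ncap / 2;
    char *p = realloc(b->data, ncap);
    if (p == NULL) return -1;     /* old block still valid on failure */
    b->data = p;
    b->cap = ncap;
    b->reallocs++;
    return 0;
}

static int growbuf_append(struct growbuf *b, const char *s, size_t n)
{
    if (growbuf_reserve(b, b->len + n + 1) < 0) return -1;
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Append `bytes` characters one at a time; return the realloc count. */
size_t reallocs_geometric(size_t bytes)
{
    struct growbuf b = { NULL, 0, 0, 0 };
    for (size_t i = 0; i < bytes; i++)
        if (growbuf_append(&b, "x", 1) < 0) break;
    size_t n = b.reallocs;
    free(b.data);
    return n;
}

/* The strategy the thread calls quadratic: one realloc per byte added. */
size_t reallocs_per_byte(size_t bytes)
{
    char *p = NULL;
    size_t reallocs = 0;
    for (size_t i = 0; i < bytes; i++) {
        char *q = realloc(p, i + 2);   /* the new byte plus the NUL */
        if (q == NULL) break;
        p = q;
        p[i] = 'x';
        p[i + 1] = '\0';
        reallocs++;
    }
    free(p);
    return reallocs;
}

/* asprintf replacement: measure with vsnprintf(NULL, 0, ...), then allocate
 * exactly n+1 bytes, so the buffer size never depends on rounding the length. */
int my_asprintf(char **out, const char *fmt, ...)
{
    va_list ap, ap2;
    *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0) { va_end(ap2); return -1; }
    char *buf = malloc((size_t)n + 1);
    if (buf == NULL) { va_end(ap2); return -1; }
    vsnprintf(buf, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    *out = buf;
    return n;
}

/* Format a result of exactly `width` bytes and return its measured length
 * (0 on any mismatch), so the sizing can be checked at widths like 1028. */
size_t my_asprintf_width(size_t width)
{
    char *s;
    int n = my_asprintf(&s, "%*s", (int)width, "x");
    if (n < 0) return 0;
    size_t got = strlen(s);
    free(s);
    return n == (int)width ? got : 0;
}

int main(void)
{
    printf("100000 bytes, 3/2 growth: %zu reallocs\n", reallocs_geometric(100000));
    printf("100000 bytes, per byte:   %zu reallocs\n", reallocs_per_byte(100000));
    printf("1028-byte result: %zu bytes\n", my_asprintf_width(1028));
    return 0;
}
```

Appending 100000 bytes one at a time costs 100000 realloc calls with the per-byte strategy but only a few dozen with 3/2 growth; the same constructed widths (1028 is a multiple of 4 but not 8 and greater than 1024, the shape named in the message) can be fed to `my_asprintf_width` to confirm the replacement allocates and fills exactly the measured length.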




