author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-09-23 11:24:30 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2013-09-23 11:29:53 +0530 |
commit | 303e567a8062200dc06acde7c76fc34679f08d8f | |
tree | 8e0c198956de9addb51216c5cfccd47d7c4be69b /ChangeLog | |
parent | 141f3a77fe4f1b59b0afa9bf6909cd2000448883 | |
Check for integer overflow in cache size computation in strcoll

strcoll is implemented using a cache for indices and weights of
collation sequences in the strings so that subsequent passes do not
have to search through collation data again. For very large string
inputs, the cache size computation could overflow. In such a case,
use the fallback function that does not cache indices and weights of
collation sequences.

Fixes CVE-2012-4412.
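
The kind of guard the commit message describes, written here as an added example that is not glibc's code: the cache size is computed with explicit wrap checks, and the caller takes the non-caching path when the size cannot be represented. The names cache_size, cache_size_unchecked and choose_path, and the per-character cost ENTRY_BYTES, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-character cache cost: one 32-bit index plus one byte. */
#define ENTRY_BYTES (sizeof(int32_t) + 1)

enum path { PATH_CACHED, PATH_NOCACHE };

/* Unchecked form: wraps silently for very large lengths. */
static size_t cache_size_unchecked(size_t len1, size_t len2)
{
    return (len1 + len2) * ENTRY_BYTES;
}

/* Checked form: false if the sum or the product would exceed SIZE_MAX. */
static bool cache_size(size_t len1, size_t len2, size_t *out)
{
    if (len1 > SIZE_MAX - len2)
        return false;                    /* the addition would wrap */
    if (len1 + len2 > SIZE_MAX / ENTRY_BYTES)
        return false;                    /* the multiplication would wrap */
    *out = (len1 + len2) * ENTRY_BYTES;
    return true;
}

/* Use the cache only when its size is representable and malloc succeeds. */
static enum path choose_path(size_t len1, size_t len2, void **cache)
{
    size_t bytes;
    *cache = NULL;
    if (!cache_size(len1, len2, &bytes))
        return PATH_NOCACHE;             /* fall back, allocate nothing */
    *cache = malloc(bytes ? bytes : 1);
    return *cache ? PATH_CACHED : PATH_NOCACHE;
}

int main(void)
{
    size_t huge = SIZE_MAX / ENTRY_BYTES + 1;   /* constructed length */
    void *cache;
    printf("unchecked: %zu bytes\n", cache_size_unchecked(huge, 0));
    printf("path: %d\n", (int)choose_path(huge, 0, &cache));
    return 0;
}
```
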
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1,6 +1,12 @@ 2013-09-23 Siddhesh Poyarekar <siddhesh@redhat.com> [BZ #14547] + * string/tst-strcoll-overflow.c: New test case. + * string/Makefile (xtests): Add tst-strcoll-overflow. + * string/strcoll_l.c (STRCOLL): Skip allocating memory for + cache if string sizes may cause integer overflow. + + [BZ #14547] * string/strcoll_l.c (coll_seq): New members rule, idx, save_idx and back_us. (get_next_seq_nocache): New function. |
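Review bot: the string/strcoll_l.c (STRCOLL) entry says the cache allocation is skipped but not which path runs instead; the commit message says the non-caching fallback function is used, so the entry could name it, for example "... and use the non-caching routines instead". The string/Makefile entry puts tst-strcoll-overflow under xtests, which the default "make check" run does not include, so a few words on why it belongs there (presumably the very large inputs it needs) would help whoever expects the regression test to run by default. The commit message also says this fixes CVE-2012-4412; recording the CVE id in the entry next to [BZ #14547] would make the ChangeLog searchable by it.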