From: | Mats Kindahl <mats(at)timescale(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: glibc qsort() vulnerability |
Date: | 2024-02-12 17:09:06 |
Message-ID: | CA+14426fK=NNECQDo7cmRHi5CfhRQcUqprfrzhat9MK2dYXK+A@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, Feb 12, 2024 at 4:57 PM Nathan Bossart <nathandbossart(at)gmail(dot)com>
wrote:
> On Sun, Feb 11, 2024 at 03:44:42PM +0100, Mats Kindahl wrote:
> > On Sat, Feb 10, 2024 at 9:53 PM Nathan Bossart <nathandbossart(at)gmail(dot)com>
> > wrote:
> >> and I think we should expand on some of the commentary in int.h.
> >> For example, the comment at the top of int.h seems very tailored to the
> >> existing functions and should probably be adjusted.
> >
> >
> > I rewrote the beginning to the following, does that look good?
> >
> > * int.h
> > * Routines to perform signed and unsigned integer arithmetics, including
> > * comparisons, in an overflow-safe way.
> >
> >
> >
> >> And the "comparison
> >> routines for integers" comment might benefit from some additional details
> >> about the purpose and guarantees of the new functions.
> >>
> >
> > I expanded that into the following. WDYT?
> >
> >
> > /*------------------------------------------------------------------------
> > * Comparison routines for integers.
> > *
> > * These routines are used to implement comparison functions for, e.g.,
> > * qsort(). They are designed to be efficient and not risk overflows in
> > * internal computations that could cause strange results, such as INT_MIN >
> > * INT_MAX if you just return "lhs - rhs".
> > *------------------------------------------------------------------------
>
> LGTM. I might editorialize a bit before committing, but I think your
> proposed wording illustrates the thrust of the change.
>
Thanks Nathan,
Here are the two fixed patches.
Best wishes,
Mats Kindahl
>
> --
> Nathan Bossart
> Amazon Web Services: https://aws.amazon.com
>
Attachment | Content-Type | Size |
---|---|---|
0002-Use-integer-comparison-functions.v2.patch | text/x-patch | 26.1 KB |
0001-Add-integer-comparison-functions.v2.patch | text/x-patch | 2.8 KB |
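
Added example, not taken from the attached patches or the PostgreSQL tree: the "lhs - rhs" problem named in the quoted int.h comment, next to an overflow-safe comparison, with a check that counts ordering contradictions a sort routine would see. All function and variable names are hypothetical, and the wraparound is modelled with unsigned arithmetic because signed overflow is undefined in C.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not the code from the patches. */

/* The 'return "lhs - rhs"' pattern. Signed overflow is undefined behaviour
 * in C, so the wraparound is modelled with unsigned arithmetic; converting
 * back to int is implementation-defined and wraps on GCC and Clang. */
int cmp_subtract(int lhs, int rhs)
{
    return (int) ((unsigned int) lhs - (unsigned int) rhs);
}

/* Overflow-safe form: two comparisons, result is always -1, 0 or 1. */
int cmp_safe(int lhs, int rhs)
{
    return (lhs > rhs) - (lhs < rhs);
}

/* Count triples where cmp says a < b and b < c, yet does not say a < c.
 * A comparator handed to qsort() must never produce such a triple. */
int transitivity_violations(int (*cmp)(int, int), const int *v, size_t n)
{
    int bad = 0;

    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            for (size_t k = 0; k < n; k++)
                if (cmp(v[i], v[j]) < 0 && cmp(v[j], v[k]) < 0 &&
                    cmp(v[i], v[k]) >= 0)
                    bad++;
    return bad;
}

/* Constructed sample values around the extremes of int. */
const int SAMPLE[] = { INT_MIN, -1, 0, 1, INT_MAX };
const size_t SAMPLE_LEN = sizeof(SAMPLE) / sizeof(SAMPLE[0]);

int main(void)
{
    printf("subtract: cmp(INT_MIN, INT_MAX) = %d\n", cmp_subtract(INT_MIN, INT_MAX));
    printf("safe:     cmp(INT_MIN, INT_MAX) = %d\n", cmp_safe(INT_MIN, INT_MAX));
    printf("violations: subtract=%d safe=%d\n",
           transitivity_violations(cmp_subtract, SAMPLE, SAMPLE_LEN),
           transitivity_violations(cmp_safe, SAMPLE, SAMPLE_LEN));
    return 0;
}
```

The subtraction comparator is deliberately never passed to qsort() here; the contradiction is shown by calling it directly.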