Re: libzstd :: non-regular file test failure
From: Sergey Bugaev
Subject: Re: libzstd :: non-regular file test failure
Date: Wed, 4 Dec 2024 11:56:16 +0300
On Wed, Dec 4, 2024 at 11:26 AM Samuel Thibault <samuel.thibault@gnu.org> wrote:
> It's probably worth checking other _write methods in libstore/
That, and also glibc should make more efforts to be resilient against
servers returning bogus read/write amounts, whether by mistake like
here or maliciously. If we don't sanitize 'count', the

    data = (void *) ((char *) data + count);

line in _IO_new_file_write doesn't look safe at all. That's an
arbitrary memory disclosure and a crash/DoS in plain sight.
Sergey
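
Added example, not part of the original message and not glibc code: one way a write loop can bound the count a backend reports before advancing the buffer pointer, which is the check the message above says is missing. The names checked_write_all, write_fn and the two sample backends are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
/* Hypothetical backend: returns the byte count it claims to have written. */
typedef ssize_t (*write_fn)(void *cookie, const void *buf, size_t len);

/* Write len bytes, rejecting any reported count larger than was requested. */
ssize_t checked_write_all(write_fn backend, void *cookie, const void *buf, size_t len)
{
    const char *p = buf;
    size_t left = len;
    while (left > 0) {
        ssize_t count = backend(cookie, p, left);
        if (count < 0)
            return -1;                   /* backend reported an error */
        if ((size_t) count > left) {     /* bogus amount: never advance p */
            errno = EIO;
            return -1;
        }
        if (count == 0)
            break;                       /* no progress: report short write */
        p += count;
        left -= (size_t) count;
    }
    return (ssize_t) (len - left);
}

/* Constructed backend: honest, but accepts at most 3 bytes per call. */
static ssize_t honest_short(void *cookie, const void *buf, size_t len)
{
    (void) buf;
    size_t n = len > 3 ? 3 : len;
    *(size_t *) cookie += n;
    return (ssize_t) n;
}

/* Constructed backend: claims more bytes than it was given. */
static ssize_t bogus_large(void *cookie, const void *buf, size_t len)
{
    (void) cookie; (void) buf;
    return (ssize_t) len + 4096;
}

int main(void)
{
    size_t seen = 0;
    ssize_t ok = checked_write_all(honest_short, &seen, "0123456789", 10);
    ssize_t bad = checked_write_all(bogus_large, NULL, "0123456789", 10);
    printf("honest: %zd, bogus: %zd\n", ok, bad);
}
```

Without the `count > left` test, the bogus backend would move `p` 4096 bytes past the 10-byte buffer and the unsigned `left` would wrap, so the next call would be handed memory outside the caller's data.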