Paul Eggert [EMAIL PROTECTED] wrote:
Georgi Guninski [EMAIL PROTECTED] writes:
The heap is quite screwed, but ls is killed by the kernel due to
memory usage.
Thanks for reporting the bug. As it happens, I had already been
preparing a more general patch for address arithmetic overflow bugs in
coreutils. A patch for the 'ls' problem is enclosed below. It causes
'ls' to immediately report memory exhausted for your example. It
also fixes a few other related bugs (notably on 64-bit hosts).
Probably ls should not accept big ints after -w.
'ls' could impose an arbitrary limit on column width, but that would
run counter to the no arbitrary limits policy of GNU.
As a side effect this causes temporary DoS in wu-ftpd.
Perhaps wu-ftpd can refuse to invoke 'ls' with the -w option, or with
a -w option that wu-ftpd thinks would use too much memory.
2003-10-13 Paul Eggert [EMAIL PROTECTED]
Fix address-arithmetic bug in 'ls', reported by Georgi Guninski.
Remove several arbitrary limits on hosts where int cannot represent
all size_t values.
Thanks, Paul!
I've applied that.
As you probably noticed, init_column_info allocates O(N^2)
space when ls is invoked with `--width=N' and -x or -C.
Eventually we may want to investigate change the algorithm, or --
failing that -- limit N.
___
Bug-coreutils mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-coreutils