Andreas Schwab writes:

> Jim Meyering <[EMAIL PROTECTED]> writes:
> 
> > I'm interested, because I don't want my applications to segfault on such
> > inputs.  Sure it may look a little far-fetched, but I think it's not.
> > Imagine such a bit pattern being injected into a network data stream
> > that is then printed as a long double.  Just printing an arbitrary
> > "long double" should not make a server vulnerable to a DoS attack.
> 
> In which way is this different from passing NULL to strlen?

In that long doubles are scalar values while strlen's argument is a
pointer value.  In general with scalars there is no value whose
meaning or effect is undefined, unlike pointers.

If glibc can indeed be made to segfault just by doing printf on some
particular long double value then I think that is worth reporting as a
security vulnerability.

Paul.
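Paul's point that a scalar should have no encoding with undefined effect, and Jim's scenario of a bit pattern arriving in a network stream and being handed straight to printf, can be made concrete from the receiving side. The following is an added example, not code from any participant in this thread nor from glibc or gnulib: it treats the incoming 10 bytes as an x87 80-bit extended-precision encoding and classifies them before formatting, refusing the encodings that the x87 format itself defines as invalid (unnormals, and pseudo-infinities/pseudo-NaNs with the explicit integer bit clear). The function and constant names are hypothetical, the sample byte strings are constructed, and the formatting path assumes the platform's long double is the x87 format (LDBL_MANT_DIG == 64).

```c
/* Added example: classify an x87 80-bit extended-precision encoding
   received as raw bytes (little-endian, 10 bytes) before it reaches
   printf/snprintf.  Helper names are hypothetical. */
#include <float.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum x87_class {
    X87_ZERO, X87_DENORMAL, X87_PSEUDO_DENORMAL, X87_NORMAL,
    X87_UNNORMAL, X87_INF, X87_NAN, X87_PSEUDO_INF_OR_NAN
};

static const char *const x87_class_name[] = {
    "zero", "denormal", "pseudo-denormal", "normal",
    "unnormal", "infinity", "NaN", "pseudo-infinity/NaN"
};

/* x87 layout: bytes 0..7 = 64-bit significand with an explicit integer
   bit at bit 63; byte 8 and the low 7 bits of byte 9 = 15-bit exponent;
   top bit of byte 9 = sign. */
enum x87_class x87_classify(const unsigned char raw[10])
{
    uint64_t mant = 0;
    for (int i = 7; i >= 0; i--)
        mant = (mant << 8) | raw[i];
    unsigned exp = (unsigned)raw[8] | ((unsigned)(raw[9] & 0x7f) << 8);
    int intbit = (int)(mant >> 63);
    uint64_t frac = mant & 0x7fffffffffffffffULL;

    if (exp == 0) {
        if (intbit) return X87_PSEUDO_DENORMAL;
        return frac ? X87_DENORMAL : X87_ZERO;
    }
    if (exp == 0x7fff) {
        if (!intbit) return X87_PSEUDO_INF_OR_NAN;
        return frac ? X87_NAN : X87_INF;
    }
    return intbit ? X87_NORMAL : X87_UNNORMAL;
}

/* 1 if the encoding is one the FPU can produce or consume normally;
   0 for the encodings the x87 format defines as invalid. */
int x87_is_canonical(const unsigned char raw[10])
{
    switch (x87_classify(raw)) {
    case X87_UNNORMAL:
    case X87_PSEUDO_INF_OR_NAN:
        return 0;
    default:
        return 1;
    }
}

/* 1 when this build's long double is the x87 80-bit format. */
int x87_native(void)
{
    return LDBL_MANT_DIG == 64;
}

/* Format the value only after the encoding has been accepted.  Returns
   the snprintf result, or -1 when the bytes are rejected or the platform
   has no x87 long double. */
int safe_format_ld(const unsigned char raw[10], char *buf, size_t len)
{
    if (!x87_is_canonical(raw)) {
        snprintf(buf, len, "<invalid long double encoding>");
        return -1;
    }
#if LDBL_MANT_DIG == 64
    long double v = 0.0L;          /* zero the padding bytes first */
    memcpy(&v, raw, 10);           /* sizeof(long double) >= 10 here */
    return snprintf(buf, len, "%Lg", v);
#else
    snprintf(buf, len, "<not an x87 long double platform>");
    return -1;
#endif
}

/* Constructed samples (little-endian byte order). */
static const unsigned char SAMPLE_ONE[10]        = {0,0,0,0,0,0,0,0x80,0xff,0x3f}; /* 1.0L */
static const unsigned char SAMPLE_UNNORMAL[10]   = {0,0,0,0,0,0,0,0x40,0xff,0x3f}; /* integer bit clear */
static const unsigned char SAMPLE_PSEUDO_NAN[10] = {1,0,0,0,0,0,0,0,0xff,0x7f};    /* exp all ones, bit 63 clear */
static const unsigned char SAMPLE_ZERO[10]       = {0,0,0,0,0,0,0,0,0,0};
static const unsigned char SAMPLE_INF[10]        = {0,0,0,0,0,0,0,0x80,0xff,0x7f};

int main(void)
{
    const unsigned char *samples[] = { SAMPLE_ONE, SAMPLE_UNNORMAL, SAMPLE_PSEUDO_NAN, SAMPLE_ZERO, SAMPLE_INF };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = safe_format_ld(samples[i], buf, sizeof buf);
        printf("%-20s rc=%d %s\n", x87_class_name[x87_classify(samples[i])], rc, buf);
    }
    return 0;
}
```

The check runs on the wire bytes, not on a long double already loaded into a register, so it is independent of how the host FPU or the C library would treat the pattern; only the final snprintf step depends on the platform's long double being the x87 format.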