[Bug string/23865] New: wcsstr is quadratic-time

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug string/23865] New: wcsstr is quadratic-time

cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23865

            Bug ID: 23865
           Summary: wcsstr is quadratic-time
           Product: glibc
           Version: 2.28
            Status: NEW
          Severity: normal
          Priority: P2
         Component: string
          Assignee: unassigned at sourceware dot org
          Reporter: jsm28 at gcc dot gnu.org
  Target Milestone: ---

The wcsstr implementation in glibc is a naive O(mn) implementation, which
allows denial of service with untrusted inputs.  A smarter O(m+n)
implementation should be used, as with strstr.

--
You are receiving this mail because:
You are on the CC list for the bug.
Reply | Threaded
Open this post in threaded view
|

[Bug string/23865] wcsstr is quadratic-time

cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23865

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Flagging security- until there is demonstrated application impact.

--
You are receiving this mail because:
You are on the CC list for the bug.