Re: potrace
Hugo Lefeuvre <hle@debian.org> writes:
> Would it help to add a check after the malloc call, that would make sure
> that malloc-ed memory is really available?
>
> Something like:
>
>     bm->map = (potrace_word *) malloc(size);
>     if (!bm->map || malloc_usable_size(bm->map) != size) {
>         free(bm);
>         return NULL;
>     }
I am not really familiar with this malloc_usable_size function. However
I suspect it isn't going to help. Simply because Linux by default -
AFAIK this is still the case - I am not keeping up to date with Linux
memory management - overcommits memory, and I suspect these calls could
both still succeed.
Which in turn could trigger the OOM killer (does this still exist?), and
there is no guarantee it will kill the correct process. I guess that
could be a security issue.
> I feel like fixing this issue is going to be very time consuming and I'm
> not sure whether it's worth taking so much time for this (previously
> no-dsa triaged) issue. :)
I tend to think the only solution is to prescan the file and check that
the file size matches the declared value. Which is probably more time
than I am prepared to spend on what I consider a minor issue.
--
Brian May <bam@debian.org>
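
The check suggested in the message above (compare the size the header declares with what the file actually contains, before calling malloc), as an added example that is not part of the original message or of potrace's code. It assumes an uncompressed BMP-style layout with rows padded to 4 bytes; `bytes_remaining`, `declared_size_fits` and `make_sample` are hypothetical names, and the sample file is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes left between the current position and end of file, or -1 if the
 * stream is not seekable (e.g. a pipe), in which case this check cannot run. */
static long bytes_remaining(FILE *f)
{
    long pos = ftell(f);
    if (pos < 0 || fseek(f, 0, SEEK_END) != 0)
        return -1;
    long end = ftell(f);
    if (end < 0 || fseek(f, pos, SEEK_SET) != 0)
        return -1;
    return end - pos;
}

/* Returns 1 if the file really holds the pixel data its header declares,
 * 0 if the declared size is bogus, -1 if the stream cannot be measured.
 * Assumption: rows are padded to 4 bytes, as in uncompressed BMP. */
int declared_size_fits(FILE *f, uint32_t w, uint32_t h, unsigned bpp,
                       uint64_t *need)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 32)
        return 0;
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    if (stride > UINT64_MAX / h)          /* stride * h would overflow */
        return 0;
    *need = stride * h;
    long left = bytes_remaining(f);
    if (left < 0)
        return -1;
    return *need <= (uint64_t)left;
}

/* Constructed sample input: a temporary file holding n zero bytes,
 * positioned at offset 0 (stands in for "just after the header"). */
FILE *make_sample(size_t n)
{
    FILE *f = tmpfile();
    if (!f)
        return NULL;
    for (size_t i = 0; i < n; i++)
        fputc(0, f);
    rewind(f);
    return f;
}
```

A caller would allocate only when the function returns 1; a return of -1 (non-seekable input such as stdin) means the size cannot be verified up front and the data has to be read incrementally instead.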