bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: glob resource exhaustion [CVE-2010-2632]


From: Paul Eggert
Subject: Re: glob resource exhaustion [CVE-2010-2632]
Date: Wed, 13 Oct 2010 20:59:42 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8

On 10/13/2010 05:48 PM, Bruno Haible wrote:

> But the braces are a GNU extension, and the doc
>   <http://www.gnu.org/software/libc/manual/html_mono/libc.html>
> is pretty clear that {..,..} _will_ generate duplicates.

As near as I can tell, this is an accident, both of the libc implementation
and of the documentation.  I don't think users expect or want the duplicates.
The fact that there are duplicates was a complete surprise to me, and I've
been using this notation for decades.

> The expansion size is still exponential in the input size:

Yes, quite true.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]