qsort(3) mishandles large arrays (+FIX)
Steven M. Schultz
sms at wlv.imsd.contel.com
Wed Jul 25 11:22:53 AEST 1990
Subject: qsort(3) mishandles large arrays (+FIX)
Index: lib/libc/gen/qsort.c 2.10BSD
Description:
In the qst function the variables `lo' and `hi' are declared
as `int'. They should be `unsigned' or else qsort can bomb.
Repeat-By:
This bug crept up in a modified version of nm(1) being used
to read the symbol table of /unix.
/unix has ~3570 symbols. After multiplying that by
the size of a symbol structure, the array which qsort(3)
was asked to sort was over 32767, at which point qsort(3)
malfunctioned.
Fix:
Apply the following patch, then reinstall qsort into libc.a
and libc_p.a
*** qsort.c.old Sun Mar 9 19:53:17 1986
--- qsort.c Tue Jul 24 18:04:46 1990
***************
*** 114,120 ****
register char c, *i, *j, *jj;
register int ii;
char *mid, *tmp;
! int lo, hi;
/*
* At the top here, lo is the number of characters of elements in the
--- 114,120 ----
register char c, *i, *j, *jj;
register int ii;
char *mid, *tmp;
! unsigned int lo, hi;
/*
* At the top here, lo is the number of characters of elements in the
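Review bot: `register int ii;`, two lines above the changed declaration, stays signed while `lo` and `hi` become unsigned. If `ii` is ever assigned from or compared with these byte counts in qst, it will still misbehave above 32767, and any mixed signed/unsigned comparison will convert silently. Check each use of `ii` against `lo` and `hi`, then either make it unsigned as well or confirm it only holds small values. The comment starting "At the top here, lo is the number of characters" should also note that the count is now unsigned and state the largest array size in bytes that qsort accepts.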
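The failure described under Repeat-By, as an added example that is not part of the original post or the 2.10BSD source: `int16_t` and `uint16_t` model a 16-bit `int` and `unsigned int`, and the midpoint calculation is a simplified model of a quicksort working on a byte count. The 12-byte element width and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* int16_t / uint16_t stand in for `int` / `unsigned int` on a 16-bit-int machine. */

/* Reinterpret the low 16 bits of a byte count as a signed 16-bit value
 * (done arithmetically so the result is well defined on any host). */
static int16_t to_int16(uint32_t bytes) {
    uint32_t low = bytes & 0xFFFFu;
    return (int16_t)(low >= 0x8000u ? (int32_t)low - 0x10000 : (int32_t)low);
}

/* Byte span of the array as a signed 16-bit counter would hold it. */
int span_signed(uint16_t nel, uint16_t width) {
    return to_int16((uint32_t)nel * width);
}

/* Middle element index derived from a signed byte count (the "before" case). */
int mid_index_signed(uint16_t nel, uint16_t width) {
    int16_t lo = to_int16((uint32_t)nel * width);
    return (lo / (int16_t)width) / 2;
}

/* Same calculation with an unsigned 16-bit byte count (the "after" case). */
int mid_index_unsigned(uint16_t nel, uint16_t width) {
    uint16_t lo = (uint16_t)((uint32_t)nel * width);
    return (int)((lo / width) / 2);
}

/* An unsigned counter still wraps once the array exceeds 65535 bytes. */
int fits_unsigned(uint16_t nel, uint16_t width) {
    return (uint32_t)nel * width <= 0xFFFFu;
}

int main(void) {
    const uint16_t nel = 3570, width = 12;   /* width is an assumed value */
    printf("bytes=%lu signed span=%d\n",
           (unsigned long)nel * width, span_signed(nel, width));
    printf("mid index: signed=%d unsigned=%d\n",
           mid_index_signed(nel, width), mid_index_unsigned(nel, width));
    printf("fits in unsigned 16 bits: %d\n", fits_unsigned(nel, width));
    return 0;
}
```

With the signed counter the midpoint index goes negative, so the sort would address memory before the start of the array; the unsigned counter moves the limit to 65535 bytes but does not remove it.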