Date: Sun, 30 Oct 2016 20:10:31 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 213922] crafted data could cause qsort to exhaust stack space Message-ID: <bug-213922-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213922 Bug ID: 213922 Summary: crafted data could cause qsort to exhaust stack space Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: jhoward@alumni.utexas.net Quick sort is recursive. It divides the sort data into two sections, moves some elements around, then recurses to sort each section. The BSD implementation, largely taken from Bentley & McIlroy's "Engineering= a Sort Function", omits the tail recursion in order to save stack space. Howe= ver, it always sorts the "left" section by recursion, even when it is large rela= tive to the "right" section. Imagine crafted data such that each time the routine must recurse the "righ= t" section is extremely small. Maybe only a few elements wide. This would necessitate a maximum stack depth on the order of N, where N is the number = of elements being sorted. If, however, the routine always chose to sort the *smaller* of the two sub-sections via recursion, then the maximum stack depth would be at worst log2(N). Qsort should test the "width" of each section before recursing, and always choose to sort the smaller one via recursion. This results in an optimally= low worst-case in terms of required stack space. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213922-8>