[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: glob resource exhaustion [CVE-2010-2632]
From: |
Paul Eggert |
Subject: |
Re: glob resource exhaustion [CVE-2010-2632] |
Date: |
Wed, 13 Oct 2010 20:59:42 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8 |
On 10/13/2010 05:48 PM, Bruno Haible wrote:
> But the braces are a GNU extension, and the doc
> <http://www.gnu.org/software/libc/manual/html_mono/libc.html>
> is pretty clear that {..,..} _will_ generate duplicates.
As near as I can tell, this is an accident, both of the libc implementation
and of the documentation. I don't think users expect or want the duplicates.
The fact that there are duplicates was a complete surprise to me, and I've
been using this notation for decades.
> The expansion size is still exponential in the input size:
Yes, quite true.