GNU bug report logs - #78879
Potential Out-of-Memory in coreutils od

Previous Next

Package: coreutils;

Reported by: Jaehoon Jang <jaehoon.jang <at> prosys.kaist.ac.kr>

Date: Mon, 23 Jun 2025 19:13:03 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 78879 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Jaehoon Jang <jaehoon.jang <at> prosys.kaist.ac.kr>, 78879 <at> debbugs.gnu.org
Subject: Re: bug#78879: Potential Out-of-Memory in coreutils od
Date: Tue, 24 Jun 2025 01:08:03 -0700

On 2025-06-23 01:21, Jaehoon Jang wrote:
> This happens because the parsed -w value is passed to bytes_per_block,
> which is then used in a call to xnmalloc, leading to potentially dangerous
> memory allocation.

"Dangerous" in the sense that if you give "od" a large task it needs a 
lot of RAM? If so, most nontrivial programs are "dangerous".

> To mitigate this issue, we suggest adding a proper argument validation
> check to handle such edge cases safely.

No need for that. Just use 'ulimit -v' and set whatever limit you like. 
This will fix the danger that you perceive, not just for "od", but for 
all applications that you run. There's no need to change the apps.

This bug report was last modified 3 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #78879 Potential Out-of-Memory in coreutils od

GNU bug report logs - #78879
Potential Out-of-Memory in coreutils od