Bug 693704

Summary: yajl may infloop; it will also dereference NULL on OOM
Product: Red Hat Enterprise Linux 6
Reporter: Jim Meyering <meyering>
Component: yajl
Assignee: Daniel Berrangé <berrange>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 6.3
CC: bnater
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-26 12:43:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Jim Meyering 2011-04-05 11:36:00 UTC
Description of problem: when appending requires a buffer of size 2^31+1 or larger, yajl gets stuck in an infloop

It also will dereference NULL in numerous places upon failed malloc and realloc.
Reported upstream:
http://librelist.com/browser//yajl/2011/4/5/avoid-infloop-upon-buffer-append/
http://librelist.com/browser//yajl/2011/4/5/patch-add-assertions-to-avoid-dereferencing-null-upon-oom/

Version-Release number of selected component (if applicable):


How reproducible: NA
found via inspection, though I can write code to provoke the infloop

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
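
As an added illustration (not yajl's own code, and not part of the bug report or its upstream patches): a simplified model of a doubling buffer-growth loop whose capacity is tracked in an unsigned int, which wraps to zero once the capacity reaches 2^31 and therefore never satisfies a request of 2^31+1 bytes, placed beside a size_t-based append that checks the length arithmetic for overflow and checks every realloc result instead of dereferencing NULL. The names (grow_capacity_unsigned_int, grow_capacity_size_t, buf_t, buf_append), the starting capacities, and the iteration bound in the flawed model are assumptions made for the demonstration; the bound exists only so the flawed loop returns here rather than spinning forever.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the flawed growth loop (assumption: a simplified stand-in, not
 * yajl's code).  Capacity is an unsigned int doubled until it covers `need`.
 * At 2^31 the doubling wraps to 0, so a need of 2^31 + 1 is never reached.
 * Returns 1 and stores the capacity on success, 0 when the loop would never
 * terminate (detected here only through the artificial iteration bound). */
int grow_capacity_unsigned_int(unsigned int cap, unsigned int need,
                               unsigned int *out)
{
    unsigned int iterations = 0;
    if (cap == 0)
        cap = 1;
    while (cap < need) {
        cap *= 2;                 /* silently wraps modulo 2^32 */
        if (++iterations > 64)    /* stand-in for "would loop forever" */
            return 0;
    }
    *out = cap;
    return 1;
}

/* Hardened growth: size_t capacity, overflow-checked doubling, clamped to
 * `need` once doubling can no longer happen without wrapping. */
size_t grow_capacity_size_t(size_t cap, size_t need)
{
    if (cap == 0)
        cap = 64;                 /* assumed initial capacity */
    while (cap < need) {
        if (cap > SIZE_MAX / 2)   /* doubling would overflow: stop doubling */
            return need;
        cap *= 2;
    }
    return cap;
}

typedef struct {
    unsigned char *data;
    size_t len;
    size_t cap;
} buf_t;

/* Append `n` bytes from `src`.  Length arithmetic is overflow-checked and
 * the realloc result is checked; on any failure the buffer is left unchanged
 * and 0 is returned, so the caller never touches a NULL pointer. */
int buf_append(buf_t *b, const void *src, size_t n)
{
    size_t need;
    if (n > SIZE_MAX - b->len)    /* len + n would wrap */
        return 0;
    need = b->len + n;
    if (need > b->cap) {
        size_t newcap = grow_capacity_size_t(b->cap, need);
        unsigned char *p = realloc(b->data, newcap);
        if (p == NULL)            /* OOM: report it instead of dereferencing */
            return 0;
        b->data = p;
        b->cap = newcap;
    }
    if (n)
        memcpy(b->data + b->len, src, n);
    b->len = need;
    return 1;
}

void buf_free(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

int main(void)
{
    unsigned int out = 0;
    unsigned int big = 2147483649u;   /* 2^31 + 1, the size from the report */
    buf_t b = {NULL, 0, 0};

    printf("unsigned int growth to 2^31+1 terminates: %s\n",
           grow_capacity_unsigned_int(2048u, big, &out) ? "yes" : "no");
    printf("size_t growth to 2^31+1 gives capacity %zu\n",
           grow_capacity_size_t(2048, (size_t)big));
    printf("append 5 bytes: %d, append SIZE_MAX bytes: %d\n",
           buf_append(&b, "hello", 5), buf_append(&b, "x", SIZE_MAX));
    buf_free(&b);
    return 0;
}
```

The point of the contrast is that the width of the size type and the check on each allocation are what separate a bounded failure (append returns 0, buffer intact) from an unbounded one (a loop that never exits, or a write through a NULL pointer).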

Comment 2 RHEL Program Management 2011-04-05 11:43:35 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Daniel Berrangé 2016-08-26 12:43:27 UTC
Fixing this would effectively require rebasing yajl to the new upstream version which fixes the code to use size_t and do proper OOM checking. This new version however is not ABI compatible, so not something that can be done in a RHEL update.