On Sun Jul 06 11:03:37 2008, japhb wrote:
>
> Better yet, we should replace the inherently insecure quicksort
> algorithm (insecure in the "vulnerable to algorithmic attack" sense)
> with a more secure mergesort like perl5 uses. IIRC, perl5's mergesort
> is also carefully crafted to be as sensible as possible in the face of
> insane compare functions ....

No objections here, but until that's available the attached patch stops
the segfault from occurring with the existing quicksort function.

- Andrew

Index: src/utils.c
===================================================================
--- src/utils.c (revision 28832)
+++ src/utils.c (working copy)
@@ -875,7 +875,7 @@
for (i = 0, j = n; ;) {
do
--j;
- while (COMPARE(interp, data[j], data[0], cmp) > 0);
+ while (j > 0 && COMPARE(interp, data[j], data[0], cmp) > 0);
do
++i;
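
Review bot: the `j > 0` guard bounds only the downward scan; the upward `do ++i;` scan that begins in the trailing context needs checking for a matching upper bound (something like `i < n`), because its condition is cut off here and a compare function inconsistent enough to push `j` below index 0 can just as easily push `i` past `n - 1`. On the changed line itself, a one-line comment would help: with a consistent comparator `data[0]` acts as a sentinel (comparing it with itself is not `> 0`), so the guard looks redundant unless the reader knows it is there for compare functions that never report `data[j] <= data[0]`. A regression test that sorts with a compare function always returning a positive value would pin the fix until the quicksort is replaced.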