Okay, this is confirmed. It appears to be stack exhaustion within libc while handling nss_files's getent call to read a 200K line from the /etc/hosts file:
while (1)
  {
    rc = __gethostbyname2_r (name, family, &th, tmpbuf,
                             tmpbuflen, &h, &herrno);
    if (rc != ERANGE || herrno != NETDB_INTERNAL)
      break;
    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);
  }
This extend_alloca eventually reaches way above stack memory and seg faults. This problem seems specific to nss_files, and requires a very unusual local configuration, so I'm going to unmark this as a private security issue. Thanks!
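For comparison with the retry loop quoted in the comment above, here is an added example (not glibc's code and not part of the original comment) of the same double-on-ERANGE pattern using a heap buffer with an upper bound. The names `bounded_lookup`, `fake_lookup`, `lookup_fn` and the 64 KiB cap are assumptions made for illustration; the resolver is a constructed stand-in so the block runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define BUF_START 512u
#define BUF_MAX   (64u * 1024u)   /* assumed cap, not a glibc constant */

/* Hypothetical resolver shape: 0 on success, ERANGE if buf is too small. */
typedef int (*lookup_fn)(char *buf, size_t buflen, void *ctx);

/* Constructed stand-in for the nss_files lookup: the record (for example
   one very long /etc/hosts line) needs *ctx bytes of scratch space. */
static int fake_lookup(char *buf, size_t buflen, void *ctx)
{
    size_t need = *(size_t *)ctx;
    if (buflen < need)
        return ERANGE;
    buf[0] = '\0';
    return 0;
}

/* Retry on ERANGE with a doubled heap buffer, but stop at BUF_MAX so a
   huge record produces an error instead of unbounded growth.
   final_len must be non-NULL; it receives the last buffer size tried. */
int bounded_lookup(lookup_fn fn, void *ctx, size_t *final_len)
{
    size_t len = BUF_START;
    char *buf = malloc(len);
    int rc = ENOMEM;
    while (buf != NULL && (rc = fn(buf, len, ctx)) == ERANGE) {
        if (len >= BUF_MAX)
            break;                      /* give up, rc stays ERANGE */
        char *bigger = realloc(buf, len * 2);
        if (bigger == NULL) {
            rc = ENOMEM;
            break;
        }
        buf = bigger;
        len *= 2;
    }
    *final_len = len;
    free(buf);
    return rc;
}

int main(void)
{
    size_t need = 200u * 1024u, len = 0;   /* the 200K line from the report */
    int rc = bounded_lookup(fake_lookup, &need, &len);
    printf("rc=%d (ERANGE=%d), buffer stopped at %zu bytes\n", rc, ERANGE, len);
}
```

With the 200K record the loop stops at the cap and returns ERANGE to the caller, where the alloca version keeps doubling on the stack until it faults.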