Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!jato!mahendo!wlbr!wlv.imsd.contel.com!sms
From: sms@wlv.imsd.contel.com (Steven M. Schultz)
Newsgroups: comp.bugs.2bsd
Subject: qsort(3) mishandles large arrays (+FIX)
Message-ID: <56128@wlbr.IMSD.CONTEL.COM>
Date: 25 Jul 90 01:22:53 GMT
Sender: news@wlbr.IMSD.CONTEL.COM
Reply-To: sms@wlv.imsd.contel.com (Steven M. Schultz)
Organization: Contel Federal Systems
Lines: 39

Subject: qsort(3) mishandles large arrays (+FIX)
Index: lib/libc/gen/qsort.c 2.10BSD

Description:
	In the qst function the variables `lo' and `hi' are declared
	as `int'. They should be `unsigned' or else qsort can bomb.

Repeat-By:
	This bug crept up in a modified version of nm(1) being used to
	read the symbol table of /unix. /unix has ~3570 symbols. After
	multiplying that by the size of a symbol structure, the array
	which qsort(3) was asked to sort was over 32767, at which point
	qsort(3) malfunctioned.

Fix:
	Apply the following patch, then reinstall qsort into libc.a and
	libc_p.a

*** qsort.c.old Sun Mar 9 19:53:17 1986 --- qsort.c Tue Jul 24 18:04:46 1990 *************** *** 114,120 **** register char c, *i, *j, *jj; register int ii; char *mid, *tmp; ! int lo, hi; /* * At the top here, lo is the number of characters of elements in the --- 114,120 ---- register char c, *i, *j, *jj; register int ii; char *mid, *tmp; ! unsigned int lo, hi; /* * At the top here, lo is the number of characters of elements in the
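
Review bot: `register int ii;`, two lines above the changed declaration, stays a signed int; if ii ever receives a byte count or offset computed from lo or hi, it has the same failure past 32767 and should become unsigned in this same patch. With `unsigned int lo, hi;` any expression in qst that subtracts one from the other or tests either against zero no longer sees a negative value, so those uses are worth checking before this is installed. The comment under the declaration says lo is "the number of characters of elements", so a one-line note there that lo and hi are byte counts, and that (assuming the 16-bit int that the 32767 threshold in the description implies) arrays above 65535 bytes remain out of range, would document the limit that is left.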