public inbox for glibc-bugs@sourceware.org
* [Bug libc/968] New: Integer overflow in strxfrm_l.c
@ 2005-05-24 21:02 barbier at linuxfr dot org
2005-05-24 21:10 ` [Bug libc/968] " barbier at linuxfr dot org
2005-10-15 20:51 ` drepper at redhat dot com
0 siblings, 2 replies; 3+ messages in thread
From: barbier at linuxfr dot org @ 2005-05-24 21:02 UTC (permalink / raw)
To: glibc-bugs
libc/string/strxfrm_l.c contains the following lines:

      /* Handle the pushed elements now. */
      size_t backw;
      for (backw = idxcnt - 1; backw >= backw_stop; --backw)

If backw_stop is 0, the end test never fails.
This never happens in practice because localedef is broken
(see BZ#645) and stores a single
    order_start forward;forward;forward;forward,position
rule, and hence the backward directive is never processed.
But this bug arises when the patch sent to BZ#645 is applied.
--
Summary: Integer overflow in strxfrm_l.c
Product: glibc
Version: 2.3.5
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: barbier at linuxfr dot org
CC: glibc-bugs at sources dot redhat dot com
OtherBugsDependingOnThis: 645
http://sources.redhat.com/bugzilla/show_bug.cgi?id=968
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
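Added example (not part of the original thread and not glibc code): the loop shape quoted in the report, instrumented to stop at the first index that has wrapped, next to one descending-loop form that tests before it decrements. The function names and the sample sizes are assumptions made for the illustration, and this is not the fix that was eventually committed.

```c
#include <stddef.h>
#include <stdio.h>

/* Loop shape from the report.  backw is a size_t, so when backw_stop is 0
   the test "backw >= backw_stop" is always true and --backw wraps from 0
   to SIZE_MAX.  The added range check (hypothetical, for the demo only)
   stops at the first index outside [0, idxcnt) instead of using it.
   Returns the number of in-range iterations; *wrapped reports the wrap. */
size_t walk_flawed(size_t idxcnt, size_t backw_stop, int *wrapped)
{
    size_t n = 0;
    size_t backw;

    *wrapped = 0;
    for (backw = idxcnt - 1; backw >= backw_stop; --backw) {
        if (backw >= idxcnt) {      /* index is past the array: it wrapped */
            *wrapped = 1;
            break;
        }
        ++n;
    }
    return n;
}

/* Descending walk over [backw_stop, idxcnt) that compares first and
   decrements inside the body, so backw never drops below backw_stop.
   *last receives the final index visited (untouched if none). */
size_t walk_safe(size_t idxcnt, size_t backw_stop, size_t *last)
{
    size_t n = 0;
    size_t backw;

    for (backw = idxcnt; backw > backw_stop; ) {
        --backw;
        *last = backw;
        ++n;
    }
    return n;
}

int main(void)
{
    int wrapped;
    size_t last = 0;
    size_t n = walk_flawed(4, 0, &wrapped);   /* constructed sizes */
    printf("flawed: %zu iterations, wrapped=%d\n", n, wrapped);
    n = walk_safe(4, 0, &last);
    printf("safe:   %zu iterations, last index=%zu\n", n, last);
    return 0;
}
```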
* [Bug libc/968] Integer overflow in strxfrm_l.c
2005-05-24 21:02 [Bug libc/968] New: Integer overflow in strxfrm_l.c barbier at linuxfr dot org
@ 2005-05-24 21:10 ` barbier at linuxfr dot org
2005-10-15 20:51 ` drepper at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: barbier at linuxfr dot org @ 2005-05-24 21:10 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From barbier at linuxfr dot org 2005-05-24 21:10 -------
Created an attachment (id=495)
--> (http://sources.redhat.com/bugzilla/attachment.cgi?id=495&action=view)
Proposed patch to fix loops when backw_stop is 0
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=968
* [Bug libc/968] Integer overflow in strxfrm_l.c
2005-05-24 21:02 [Bug libc/968] New: Integer overflow in strxfrm_l.c barbier at linuxfr dot org
2005-05-24 21:10 ` [Bug libc/968] " barbier at linuxfr dot org
@ 2005-10-15 20:51 ` drepper at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: drepper at redhat dot com @ 2005-10-15 20:51 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2005-10-15 20:51 -------
The patch is everything but optimal. I fixed it differently.
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=968