public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/11571] New: getlogin_r (NULL, 0) segfaults
@ 2010-05-05 16:01 rjones at redhat dot com
2010-05-05 16:03 ` [Bug libc/11571] " rjones at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: rjones at redhat dot com @ 2010-05-05 16:01 UTC (permalink / raw)
To: glibc-bugs
#include <unistd.h>
main ()
{
getlogin_r (NULL, 0);
}
----
$ gcc -g test.c -o test
$ ./test
Segmentation fault (core dumped)
----
This seems to be a regression in glibc 2.12, since glibc 2.11.90
did not segfault under these conditions.
The stack trace is:
Program received signal SIGSEGV, Segmentation fault.
__strncpy_sse2 (s1=0x0, s2=0x7fffffffdee1 "jones", n=18446744073709551615)
at ./strncpy.c:43
43 *++s1 = c;
(gdb) bt
#0 __strncpy_sse2 (s1=0x0, s2=0x7fffffffdee1 "jones", n=18446744073709551615)
at ./strncpy.c:43
#1 0x00007ffff7b071d2 in __getlogin_r_loginuid (name=0x0, namesize=0)
at ../sysdeps/unix/sysv/linux/getlogin_r.c:84
#2 0x00007ffff7b07299 in getlogin_r (name=0x0, namesize=0)
at ../sysdeps/unix/sysv/linux/getlogin_r.c:103
#3 0x00000000004004d7 in main () at test.c:5
--
Summary: getlogin_r (NULL, 0) segfaults
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: rjones at redhat dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=11571
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/11571] getlogin_r (NULL, 0) segfaults
2010-05-05 16:01 [Bug libc/11571] New: getlogin_r (NULL, 0) segfaults rjones at redhat dot com
@ 2010-05-05 16:03 ` rjones at redhat dot com
2010-05-05 16:09 ` rjones at redhat dot com
2010-05-05 16:45 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: rjones at redhat dot com @ 2010-05-05 16:03 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From rjones at redhat dot com 2010-05-05 16:03 -------
Note the problem is the zero length, not the
NULL pointer. For example this also segfaults:
#include <unistd.h>
main ()
{
char buffer[10000];
getlogin_r (buffer, 0);
}
--
http://sourceware.org/bugzilla/show_bug.cgi?id=11571
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/11571] getlogin_r (NULL, 0) segfaults
2010-05-05 16:01 [Bug libc/11571] New: getlogin_r (NULL, 0) segfaults rjones at redhat dot com
2010-05-05 16:03 ` [Bug libc/11571] " rjones at redhat dot com
@ 2010-05-05 16:09 ` rjones at redhat dot com
2010-05-05 16:45 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: rjones at redhat dot com @ 2010-05-05 16:09 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From rjones at redhat dot com 2010-05-05 16:08 -------
Problem is:
getlogin_r.c:84 strncpy (name, pwd.pw_name, namesize - 1);
http://sourceware.org/git/?
p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/getlogin_r.c;h=d9c66fe2598fb9dbc0fe1a6577f5db420598
0392;hb=HEAD#l84
namesize == 0, so it calls strncpy with -1 as the 3rd parameter.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=11571
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/11571] getlogin_r (NULL, 0) segfaults
2010-05-05 16:01 [Bug libc/11571] New: getlogin_r (NULL, 0) segfaults rjones at redhat dot com
2010-05-05 16:03 ` [Bug libc/11571] " rjones at redhat dot com
2010-05-05 16:09 ` rjones at redhat dot com
@ 2010-05-05 16:45 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2010-05-05 16:45 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2010-05-05 16:45 -------
Fixed in git.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=11571
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/11571] getlogin_r (NULL, 0) segfaults
[not found] <bug-11571-131@http.sourceware.org/bugzilla/>
@ 2014-06-30 18:07 ` fweimer at redhat dot com
0 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-30 18:07 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=11571
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-30 18:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-05-05 16:01 [Bug libc/11571] New: getlogin_r (NULL, 0) segfaults rjones at redhat dot com
2010-05-05 16:03 ` [Bug libc/11571] " rjones at redhat dot com
2010-05-05 16:09 ` rjones at redhat dot com
2010-05-05 16:45 ` drepper at redhat dot com
[not found] <bug-11571-131@http.sourceware.org/bugzilla/>
2014-06-30 18:07 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).