public inbox for glibc-bugs@sourceware.org
* [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck
From: sources dot redhat dot com at contacts dot eelis dot net @ 2010-09-11 16:02 UTC (permalink / raw)
To: glibc-bugs
The malloc call in the following testcase segfaults both on my x86-64 machine
with glibc 2.11.2 and on an x86-32 machine with glibc 2.9:
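
    #include <stdlib.h>
    #include <mcheck.h>

    int main () {
        mcheck(0);      /* install the mcheck hooks, default abort handler */
        malloc(-1ul);   /* request SIZE_MAX bytes: this call segfaults */
        return 0;
    }
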
Obviously, malloc should return 0 instead of segfaulting. :)
--
Summary: malloc(-1ul) segfaults when using mcheck
Product: glibc
Version: 2.11
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: sources dot redhat dot com at contacts dot eelis dot net
CC: glibc-bugs at sources dot redhat dot com
GCC host triplet: x86_64-suse-linux
http://sourceware.org/bugzilla/show_bug.cgi?id=12005
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:21 UTC (permalink / raw)
To: glibc-bugs
--
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |andrey dot vihrov at gmail dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=12005
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:46 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From andrey dot vihrov at gmail dot com 2010-09-11 16:46 -------
With mcheck enabled, malloc() and realloc() try to allocate "sizeof (struct hdr)
+ size + 1" instead of the user-specified "size", as seen in mallochook() and
reallochook() in malloc/mcheck.c. However, it is never checked whether the new
value overflows. It seems that checking whether "size" is greater than "SIZE_MAX
- sizeof (struct hdr) - 1" and returning NULL in such a case could be a solution.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=12005
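
The wrap-around described in the comment above and the guard it proposes, as an added example that is not part of the thread and is not glibc's code. The struct hdr here is a simplified stand-in, and padded_unchecked, padded_checked and guarded_malloc are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the bookkeeping header; not glibc's struct hdr. */
struct hdr {
    size_t size;          /* size the caller asked for */
    unsigned long magic;  /* constructed marker for a live block */
};

/* Unchecked padding as the comment describes it: wraps for huge sizes. */
size_t padded_unchecked(size_t size)
{
    return sizeof(struct hdr) + size + 1;
}

/* Proposed check: refuse any size the padding would push past SIZE_MAX. */
int padded_checked(size_t size, size_t *total)
{
    if (size > SIZE_MAX - sizeof(struct hdr) - 1)
        return 0;
    *total = sizeof(struct hdr) + size + 1;
    return 1;
}

/* Hook-style wrapper (hypothetical): fail cleanly instead of under-allocating. */
void *guarded_malloc(size_t size)
{
    size_t total;
    struct hdr *h;
    if (!padded_checked(size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    if ((h = malloc(total)) == NULL)
        return NULL;
    h->size = size;
    h->magic = 0xfedabeebUL;
    ((unsigned char *)(h + 1))[size] = 0xd7;  /* trailing guard byte */
    return h + 1;
}

int main(void)
{
    printf("%zu %p\n", padded_unchecked((size_t)-1), guarded_malloc((size_t)-1));
    return 0;
}
```

For a request of (size_t)-1 the unchecked sum wraps to exactly sizeof(struct hdr), so the underlying allocation succeeds with a block far smaller than the offsets the hook then writes to.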
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: drepper dot fsp at gmail dot com @ 2010-10-04 2:27 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper dot fsp at gmail dot com 2010-10-04 02:27 -------
Should be fixed in git.
--
What        |Removed                     |Added
----------------------------------------------------------------------------
Status      |NEW                         |RESOLVED
Resolution  |                            |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=12005
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: fweimer at redhat dot com @ 2014-06-30 8:03 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=12005
Florian Weimer <fweimer at redhat dot com> changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
Flags   |                            |security-