public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck
@ 2010-09-11 16:02 sources dot redhat dot com at contacts dot eelis dot net
2010-09-11 16:21 ` [Bug libc/12005] " andrey dot vihrov at gmail dot com
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: sources dot redhat dot com at contacts dot eelis dot net @ 2010-09-11 16:02 UTC (permalink / raw)
To: glibc-bugs
The malloc call in the following testcase segfaults both on my x86-64 machine
with glibc 2.11.2 and on a x86-32 machine with glibc 2.9:
#include <stdlib.h>
#include <mcheck.h>
int main () {
mcheck(0);
malloc(-1ul);
return 0;
}
Obviously, malloc should return 0 instead of segfaulting. :)
--
Summary: malloc(-1ul) segfaults when using mcheck
Product: glibc
Version: 2.11
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: sources dot redhat dot com at contacts dot eelis dot net
CC: glibc-bugs at sources dot redhat dot com
GCC host triplet: x86_64-suse-linux
http://sourceware.org/bugzilla/show_bug.cgi?id=12005
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck 2010-09-11 16:02 [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck sources dot redhat dot com at contacts dot eelis dot net @ 2010-09-11 16:21 ` andrey dot vihrov at gmail dot com 2010-09-11 16:46 ` andrey dot vihrov at gmail dot com 2010-10-04 2:27 ` drepper dot fsp at gmail dot com 2 siblings, 0 replies; 5+ messages in thread From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:21 UTC (permalink / raw) To: glibc-bugs -- What |Removed |Added ---------------------------------------------------------------------------- CC| |andrey dot vihrov at gmail | |dot com http://sourceware.org/bugzilla/show_bug.cgi?id=12005 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck 2010-09-11 16:02 [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck sources dot redhat dot com at contacts dot eelis dot net 2010-09-11 16:21 ` [Bug libc/12005] " andrey dot vihrov at gmail dot com @ 2010-09-11 16:46 ` andrey dot vihrov at gmail dot com 2010-10-04 2:27 ` drepper dot fsp at gmail dot com 2 siblings, 0 replies; 5+ messages in thread From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:46 UTC (permalink / raw) To: glibc-bugs ------- Additional Comments From andrey dot vihrov at gmail dot com 2010-09-11 16:46 ------- With mcheck enabled malloc() and realloc() try to allocate "sizeof (struct hdr) + size + 1" instead of the user-specified "size", as seen in mallochook() and reallochook() in malloc/mcheck.c. However, it is never checked whether the new value overflows. It seems that checking whether "size" is greater than "SIZE_MAX - sizeof (struct hdr) - 1" and returning NULL in such case could be a solution. -- http://sourceware.org/bugzilla/show_bug.cgi?id=12005 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck 2010-09-11 16:02 [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck sources dot redhat dot com at contacts dot eelis dot net 2010-09-11 16:21 ` [Bug libc/12005] " andrey dot vihrov at gmail dot com 2010-09-11 16:46 ` andrey dot vihrov at gmail dot com @ 2010-10-04 2:27 ` drepper dot fsp at gmail dot com 2 siblings, 0 replies; 5+ messages in thread From: drepper dot fsp at gmail dot com @ 2010-10-04 2:27 UTC (permalink / raw) To: glibc-bugs ------- Additional Comments From drepper dot fsp at gmail dot com 2010-10-04 02:27 ------- Should be fixed in git. -- What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED http://sourceware.org/bugzilla/show_bug.cgi?id=12005 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <bug-12005-131@http.sourceware.org/bugzilla/>]
* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck [not found] <bug-12005-131@http.sourceware.org/bugzilla/> @ 2014-06-30 8:03 ` fweimer at redhat dot com 0 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2014-06-30 8:03 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=12005 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |security- -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-30 8:03 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-09-11 16:02 [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck sources dot redhat dot com at contacts dot eelis dot net
2010-09-11 16:21 ` [Bug libc/12005] " andrey dot vihrov at gmail dot com
2010-09-11 16:46 ` andrey dot vihrov at gmail dot com
2010-10-04 2:27 ` drepper dot fsp at gmail dot com
[not found] <bug-12005-131@http.sourceware.org/bugzilla/>
2014-06-30 8:03 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).