public inbox for glibc-bugs@sourceware.org

* [Bug libc/12005] New: malloc(-1ul) segfaults when using mcheck
From: sources dot redhat dot com at contacts dot eelis dot net @ 2010-09-11 16:02 UTC
To: glibc-bugs

The malloc call in the following testcase segfaults both on my x86-64 machine
with glibc 2.11.2 and on an x86-32 machine with glibc 2.9:

    #include <stdlib.h>
    #include <mcheck.h>

    int main ()
    {
      mcheck(0);
      malloc(-1ul);
      return 0;
    }

Obviously, malloc should return 0 instead of segfaulting. :)

--
           Summary: malloc(-1ul) segfaults when using mcheck
           Product: glibc
           Version: 2.11
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: sources dot redhat dot com at contacts dot eelis dot net
                CC: glibc-bugs at sources dot redhat dot com
  GCC host triplet: x86_64-suse-linux

http://sourceware.org/bugzilla/show_bug.cgi?id=12005

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:21 UTC
To: glibc-bugs

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrey dot vihrov at gmail
                   |                            |dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=12005

* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: andrey dot vihrov at gmail dot com @ 2010-09-11 16:46 UTC
To: glibc-bugs

------- Additional Comments From andrey dot vihrov at gmail dot com 2010-09-11 16:46 -------
With mcheck enabled, malloc() and realloc() try to allocate
"sizeof (struct hdr) + size + 1" instead of the user-specified "size", as seen
in mallochook() and reallochook() in malloc/mcheck.c. However, it is never
checked whether the new value overflows.

It seems that checking whether "size" is greater than
"SIZE_MAX - sizeof (struct hdr) - 1" and returning NULL in such a case could be
a solution.

http://sourceware.org/bugzilla/show_bug.cgi?id=12005
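
The size arithmetic described in the comment above, with and without the proposed bound, as an added example that is not part of the thread and is not glibc's code or its actual fix. `struct demo_hdr`, the `DEMO_*` constants and all function names are hypothetical stand-ins for mcheck's header and hooks.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for mcheck's block header (not glibc's struct hdr). */
struct demo_hdr {
    size_t size;          /* size the caller asked for */
    unsigned long magic;  /* marker a checker would validate on free */
};
#define DEMO_MAGIC 0x5eedc0deUL  /* constructed value */
#define DEMO_TAIL  0xa5          /* constructed guard byte after user data */

/* The arithmetic from the comment, unchecked: wraps for huge requests. */
size_t padded_unchecked(size_t size) {
    return sizeof(struct demo_hdr) + size + 1;
}

/* Same arithmetic behind the proposed bound; -1 means "would overflow". */
int padded_checked(size_t size, size_t *total) {
    if (size > SIZE_MAX - sizeof(struct demo_hdr) - 1)
        return -1;
    *total = sizeof(struct demo_hdr) + size + 1;
    return 0;
}

/* Hook-style wrapper: reject the request before touching the allocator. */
void *guarded_malloc(size_t size) {
    size_t total;
    if (padded_checked(size, &total) != 0) {
        errno = ENOMEM;
        return NULL;
    }
    struct demo_hdr *h = malloc(total);
    if (h == NULL) return NULL;
    h->size = size;
    h->magic = DEMO_MAGIC;
    ((unsigned char *)(h + 1))[size] = DEMO_TAIL;  /* inside the padded block */
    return h + 1;
}

void guarded_free(void *p) {
    if (p != NULL) free((struct demo_hdr *)p - 1);
}

int main(void) {
    printf("unchecked: %zu, guarded: %p\n", padded_unchecked(-1ul), guarded_malloc(-1ul));
    return 0;
}
```

Without the bound, a request of `-1ul` yields a padded size equal to the header size alone, so the guard-byte write at offset `size` lands far outside the block that was actually allocated.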

* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: drepper dot fsp at gmail dot com @ 2010-10-04 2:27 UTC
To: glibc-bugs

------- Additional Comments From drepper dot fsp at gmail dot com 2010-10-04 02:27 -------
Should be fixed in git.

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

http://sourceware.org/bugzilla/show_bug.cgi?id=12005

* [Bug libc/12005] malloc(-1ul) segfaults when using mcheck
From: fweimer at redhat dot com @ 2014-06-30 8:03 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=12005

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-