public inbox for glibc-bugs@sourceware.org
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
[not found] <bug-11892-131@http.sourceware.org/bugzilla/>
@ 2011-05-16 14:17 ` drepper.fsp at gmail dot com
2014-06-30 16:55 ` fweimer at redhat dot com
2014-06-30 17:08 ` fweimer at redhat dot com
From: drepper.fsp at gmail dot com @ 2011-05-16 14:17 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=11892
Ulrich Drepper <drepper.fsp at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Ulrich Drepper <drepper.fsp at gmail dot com> 2011-05-16 14:16:34 UTC ---
There are no accidental putenv calls in programs, and especially not in
multi-threaded programs. Modifying the environment in multi-threaded code is
not possible unless you want to crash your code. I checked in a patch but it's
just another case of slowing things down because of ignorant programmers.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
From: fweimer at redhat dot com @ 2014-06-30 16:55 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=11892
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
Fixed in glibc 2.12. This seems security-relevant because with USE_TSEARCH
(enabled for libc), alloca is called for the name/value concatenation, not just
for the name.
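The name/value concatenation Florian describes, as an added example that is neither glibc's code nor the fix in the commit named in comment #5: the temporary stays on the stack only below an assumed cutoff (ALLOCA_CUTOFF, a name chosen here) and otherwise goes to the heap, so a caller-controlled length can no longer exhaust the stack. All function and variable names are mine.

```c
/* Added example, not glibc's code: bounding a stack allocation whose size is
 * caller-controlled, the defect this bug reports in putenv()/setenv(). */
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Assumed cutoff: temporaries above this size go to the heap, not the stack. */
#define ALLOCA_CUTOFF 65536
/* Build "name=value", hand it to consume(), then release it. The buffer is on
 * the stack only when small; an unconditional alloca(len) here is what runs the
 * stack out for a long name or value (the "./env 100000000" crash above). */
int with_env_string(const char *name, const char *value,
                    int (*consume)(const char *s, int on_heap))
{
    size_t namelen = strlen(name), vallen = strlen(value);
    if (namelen > SIZE_MAX - 2 || vallen > SIZE_MAX - 2 - namelen)
        return -1;                      /* name + '=' + value + NUL would wrap */
    size_t len = namelen + 1 + vallen + 1;
    int on_heap = len > ALLOCA_CUTOFF;
    char *buf = on_heap ? malloc(len) : alloca(len);
    if (buf == NULL) return -1;
    memcpy(buf, name, namelen);
    buf[namelen] = '=';
    memcpy(buf + namelen + 1, value, vallen + 1); /* includes the NUL */
    int rc = consume(buf, on_heap);
    if (on_heap)
        free(buf);
    return rc;
}
/* Demo consumer: checks "NAME=" followed only by 'A's, records the path used. */
static int last_on_heap = -1;
static int record(const char *s, int on_heap)
{
    last_on_heap = on_heap;
    return strncmp(s, "NAME=", 5) == 0 && strspn(s + 5, "A") == strlen(s + 5) ? 0 : -2;
}
/* Driver for the test: a constructed value of vallen 'A's; returns 0 if the
 * temporary stayed on the stack, 1 if it went to the heap, -1 on error. */
int demo(size_t vallen)
{
    char *value = malloc(vallen + 1);
    if (value == NULL) return -1;
    memset(value, 'A', vallen);
    value[vallen] = '\0';
    int rc = with_env_string("NAME", value, record);
    free(value);
    return rc == 0 ? last_on_heap : -1;
}
```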
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
From: fweimer at redhat dot com @ 2014-06-30 17:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=11892
--- Comment #5 from Florian Weimer <fweimer at redhat dot com> ---
Relevant commit is c63bfa79941496190b22179cd5a73addff3a7e8b.
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
2010-08-06 21:02 [Bug libc/11892] New: " cdn at chromium dot org
2010-09-12 15:34 ` [Bug libc/11892] " kees at outflux dot net
2010-09-12 15:41 ` kees at outflux dot net
@ 2010-09-12 22:56 ` kees at outflux dot net
From: kees at outflux dot net @ 2010-09-12 22:56 UTC (permalink / raw)
To: glibc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
CC| |kees at outflux dot net
http://sourceware.org/bugzilla/show_bug.cgi?id=11892
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
From: kees at outflux dot net @ 2010-09-12 15:41 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-09-12 15:40 -------
Ah, as pointed out by the reporter in a separate email, this could be a serious
problem for threaded applications.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |NEW
http://sourceware.org/bugzilla/show_bug.cgi?id=11892
* [Bug libc/11892] putenv()/setenv() unbounded alloca()
From: kees at outflux dot net @ 2010-09-12 15:34 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-09-12 15:34 -------
In /proc/$pid/maps:
fffdd000-ffffe000 rw-p 00000000 00:00 0 [stack]
And from the registers after a crash running this as "./env 100000000":
esp 0xfd04e510 0xfd04e510
This appears to "just" be a case of running out of stack memory. Doing
breakpoints before/after the putenv, it looks like stack memory is being
accounted for correctly, so I'm not clear how this could cause corruption:
(gdb) run 10000
Breakpoint 1, main (argc=2, argv=0xffffd6b4) at env.c:13
13 putenv(name);
(gdb) info reg
...
esp 0xffffd5d0 0xffffd5d0
(gdb) cont
Continuing.
Breakpoint 2, main (argc=2, argv=0xffffd6b4) at env.c:14
14 return 0;
(gdb) info reg
...
esp 0xffffd5d0 0xffffd5d0
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |WAITING
http://sourceware.org/bugzilla/show_bug.cgi?id=11892