public inbox for glibc-bugs@sourceware.org
* [Bug libc/12846] New: swprintf memory leak on long strings
@ 2011-06-06 7:59 hlamer at tut dot by
2011-07-23 3:54 ` [Bug libc/12846] " drepper.fsp at gmail dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: hlamer at tut dot by @ 2011-06-06 7:59 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
Summary: swprintf memory leak on long strings
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: hlamer@tut.by
Here is an exploit for the swprintf memory leak.
The bug is reproduced only if the string is quite big.
I don't have time to check this bug on the latest sources, but it is
reproduced on a few different glibc versions on different distributions.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/12846] swprintf memory leak on long strings
From: drepper.fsp at gmail dot com @ 2011-07-23 3:54 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
Ulrich Drepper <drepper.fsp at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING
--- Comment #1 from Ulrich Drepper <drepper.fsp at gmail dot com> 2011-07-23 03:54:23 UTC ---
Where is the test case?
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/12846] swprintf memory leak on long strings
From: aj at suse dot de @ 2012-01-04 20:02 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
Andreas Jaeger <aj at suse dot de> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aj at suse dot de
--- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-01-04 20:01:52 UTC ---
Andrei, could you add the test case, please?
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/12846] swprintf memory leak on long strings
From: hlamer at tut dot by @ 2012-01-07 17:44 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
--- Comment #3 from Andrei Kopats <hlamer at tut dot by> 2012-01-07 17:44:29 UTC ---
Oops, it seems I forgot to attach the file.
I tried to write the exploit again, but cannot reproduce the
bug now on Ubuntu 11.10 :-(
If I remember correctly, swprintf leaked memory if the string size was more
than 2048.
The bug is not reproduced, either because I am now doing something in a
different way, or because it has been fixed. You could just check the sources
for the magic number 2048.
Here is my newly written exploit, which does not work on Ubuntu 11.10:
#include <stdio.h>
#include <wchar.h>

#define CRITICAL_BUFFER_SIZE (2048 + 1)

int main(int argc, char** argv)
{
    int i;
    wchar_t buffer [CRITICAL_BUFFER_SIZE];
    wchar_t srcBuffer [CRITICAL_BUFFER_SIZE];

    /* Fill the source buffer with 'a' */
    for (i = 0; i < CRITICAL_BUFFER_SIZE; i++)
        srcBuffer[i] = 'a';

    /* Format it repeatedly so that any per-call leak accumulates */
    for (i = 0; i < (64 * 1024 * 1024); i++)
        swprintf(buffer, sizeof(buffer), L"%s", srcBuffer);

    /* Pause so that memory use can be inspected from outside the process */
    printf("OK, now check, how much memory have I eaten and press Enter\n");
    getchar();
    return 0;
}
On Wed, Jan 4, 2012 at 11:01 PM, aj at suse dot de <
sourceware-bugzilla@sourceware.org> wrote:
> http://sourceware.org/bugzilla/show_bug.cgi?id=12846
>
> Andreas Jaeger <aj at suse dot de> changed:
>
> What |Removed |Added
>
> ----------------------------------------------------------------------------
> CC| |aj at suse dot de
>
> --- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-01-04 20:01:52
> UTC ---
> Andrei, could you add the test case, please?
>
> --
> Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You reported the bug.
>
^ permalink raw reply [flat|nested] 6+ messages in thread
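A self-measuring variant of the reproducer in comment #3, added here as an example and not code from the thread: it uses `%ls` and a size counted in wide characters, because in a wide format `%s` takes a multibyte `char *` and the second argument of `swprintf` is a number of `wchar_t`, not bytes. The function name, the warm-up and iteration counts, the 1 MB threshold and the use of `getrusage` peak RSS as the leak signal are assumptions of this example.

```c
#include <stdio.h>
#include <wchar.h>
#include <sys/resource.h>

#define SRC_CHARS 2049   /* one past the 2048 threshold named in the report */
#define WARMUP    1000   /* assumed: lets one-time allocations settle */

/* Peak resident set size of this process; kilobytes on Linux. */
static long peak_rss_kb(void)
{
    struct rusage ru;
    if (getrusage(RUSAGE_SELF, &ru) != 0)
        return -1;
    return ru.ru_maxrss;
}

/* Formats a SRC_CHARS-long wide string `iterations` times after a warm-up.
   Returns peak-RSS growth in KB, or -1 if a call did not write the full
   string or the measurement failed. */
long swprintf_rss_growth_kb(long iterations)
{
    static wchar_t src[SRC_CHARS + 1];
    static wchar_t dst[SRC_CHARS + 1];
    const size_t dst_chars = sizeof dst / sizeof dst[0]; /* wide chars, not bytes */
    long i, before = -1, after;

    wmemset(src, L'a', SRC_CHARS);
    src[SRC_CHARS] = L'\0';                 /* %ls needs a terminated string */

    for (i = 0; i < WARMUP + iterations; i++) {
        if (i == WARMUP)
            before = peak_rss_kb();         /* baseline after warm-up */
        if (swprintf(dst, dst_chars, L"%ls", src) != SRC_CHARS)
            return -1;
    }
    after = peak_rss_kb();
    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void)
{
    long grown = swprintf_rss_growth_kb(50000);
    printf("peak RSS growth: %ld KB\n", grown);
    /* assumed threshold: growth above 1 MB is treated as a leak */
    return (grown < 0 || grown > 1024) ? 1 : 0;
}
```

The exit status is non-zero when growth exceeds the threshold, so the program can serve as a regression check when run against a particular libc build.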
* [Bug libc/12846] swprintf memory leak on long strings
From: drepper.fsp at gmail dot com @ 2012-01-09 1:06 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
Ulrich Drepper <drepper.fsp at gmail dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |WORKSFORME
--- Comment #4 from Ulrich Drepper <drepper.fsp at gmail dot com> 2012-01-09 01:05:47 UTC ---
I cannot see any leaks nor increasing memory use throughout the loop. If you
can provide an actual test case, reopen.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug libc/12846] swprintf memory leak on long strings
From: fweimer at redhat dot com @ 2014-06-27 13:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=12846
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
^ permalink raw reply [flat|nested] 6+ messages in thread