public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/14404] New: strtod causes invalid memory access on certain inputs
@ 2012-07-25 19:37 charles at hailoo dot com
2012-07-25 20:30 ` [Bug libc/14404] " schwab@linux-m68k.org
2014-06-17 18:56 ` fweimer at redhat dot com
0 siblings, 2 replies; 3+ messages in thread
From: charles at hailoo dot com @ 2012-07-25 19:37 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14404
Bug #: 14404
Summary: strtod causes invalid memory access on certain inputs
Product: glibc
Version: 2.16
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: charles@hailoo.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
The function strtod in GLIBC, (implemented in stdlib/strtod_l.c), has a bug
when checking for "inf" or "nan" in strtod_l.c.
The issue causes Valgrind to report an invalid memory access. It can be
reproduced easily by simply trying to use strtod on a string that starts with
the letter "i" or "n":
char* s = malloc(12);
memset(s, 0, 12);
strcpy(s, "ichabod");
double v = std::strtod(s, NULL);
This causes Valgrind to report:
==20062== Invalid read of size 8
==20062== at 0x565A147: __GI___strncasecmp_l (strcmp.S:215)
==20062== by 0x5610F5E: ____strtod_l_internal (strtod_l.c:577)
==20062== by 0x404B43: main (test4.cc:310)
==20062== Address 0x5971048 is 8 bytes inside a block of size 12 alloc'd
==20062== at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
==20062== by 0x404B07: main (test4.cc:307)
The bug seems to have something to do with the use of STRNCASECMP macro when
checking for "inf" and "nan".
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/14404] strtod causes invalid memory access on certain inputs
2012-07-25 19:37 [Bug libc/14404] New: strtod causes invalid memory access on certain inputs charles at hailoo dot com
@ 2012-07-25 20:30 ` schwab@linux-m68k.org
2014-06-17 18:56 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: schwab@linux-m68k.org @ 2012-07-25 20:30 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14404
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Andreas Schwab <schwab@linux-m68k.org> 2012-07-25 20:30:01 UTC ---
This is a false positive due to read-ahead and reading from a 16-byte aligned
address cannot cross a page boundary. valgrind needs to white-list that
access.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/14404] strtod causes invalid memory access on certain inputs
2012-07-25 19:37 [Bug libc/14404] New: strtod causes invalid memory access on certain inputs charles at hailoo dot com
2012-07-25 20:30 ` [Bug libc/14404] " schwab@linux-m68k.org
@ 2014-06-17 18:56 ` fweimer at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: fweimer at redhat dot com @ 2014-06-17 18:56 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14404
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-06-17 18:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-25 19:37 [Bug libc/14404] New: strtod causes invalid memory access on certain inputs charles at hailoo dot com
2012-07-25 20:30 ` [Bug libc/14404] " schwab@linux-m68k.org
2014-06-17 18:56 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).