From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 5808 invoked by alias); 9 Mar 2015 18:51:40 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 5759 invoked by uid 48); 9 Mar 2015 18:51:36 -0000
From: "ppluzhnikov at google dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/18043] buffer-overflow (read past the end) in wordexp/parse_dollars/parse_param
Date: Mon, 09 Mar 2015 18:51:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.21
X-Bugzilla-Severity: normal
X-Bugzilla-Who: ppluzhnikov at google dot com
X-Bugzilla-Status: REOPENED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: ppluzhnikov at google dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-03/txt/msg00084.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=18043

--- Comment #12 from Paul Pluzhnikov ---
(In reply to Kostya Serebryany from comment #11)
> Ah, apparently one of the previous fuzzing iterations has set such env var.
> (which also means that wordexp is not an ideal target for in-process fuzzing)
> Is this still interesting?

It's still a bug (AFAICT) -- GLIBC shouldn't be accessing env strings out of
bounds.

I've tried setting these variables myself, to various values, but still do not
see violations. What do you have them set at (and which ones)?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
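
The state carry-over mentioned in the quoted comment, as an added example that is not part of the original message or of glibc's code: one way an in-process iteration changes the environment is an input of the form `${NAME:=word}`, which glibc's wordexp handles by assigning NAME, so the next iteration sees it unless the harness restores a baseline. The variable name `FUZZ_PROBE`, the input string and all helper names are constructed for this example; it assumes glibc (for `clearenv`).

```c
#define _GNU_SOURCE          /* clearenv() */
#include <stdlib.h>
#include <string.h>
#include <wordexp.h>

extern char **environ;
#define PROBE "FUZZ_PROBE"   /* hypothetical variable name, constructed for this example */

/* One fuzz iteration: expand the input and discard the words. WRDE_NOCMD keeps
   command substitution from running on fuzzer-generated input. */
static int run_input(const char *input) {
    wordexp_t we;
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc == 0) wordfree(&we);
    return rc;
}

/* Copy every "NAME=value" string; the copy lives as long as the harness does. */
static char **env_snapshot(void) {
    size_t n = 0;
    while (environ && environ[n]) n++;
    char **copy = calloc(n + 1, sizeof *copy);
    for (size_t i = 0; copy && i < n; i++)
        if (!(copy[i] = strdup(environ[i]))) return NULL;
    return copy;
}

/* Drop whatever the last iteration set and reinstall the baseline strings. */
static int env_restore(char **snap) {
    if (clearenv() != 0) return -1;
    for (size_t i = 0; snap[i]; i++)
        if (putenv(snap[i]) != 0) return -1;
    return 0;
}

/* Returns 1 if a variable assigned during iteration 1 is still visible to
   iteration 2, 0 if not, -1 on setup failure. */
int env_leaks(int isolate) {
    unsetenv(PROBE);
    char **baseline = isolate ? env_snapshot() : NULL;
    if (isolate && !baseline) return -1;
    if (run_input("${" PROBE ":=leaked}") != 0) return -1;  /* constructed input */
    if (isolate && env_restore(baseline) != 0) return -1;
    return getenv(PROBE) != NULL;
}
```

A harness that restores the baseline after every input makes a reported out-of-bounds read reproducible from the single input that triggered it, instead of depending on what earlier inputs left in the environment.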