public inbox for glibc-bugs@sourceware.org
* [Bug libc/7066] Probable buffer overrun in strtold()
[not found] <bug-7066-131@http.sourceware.org/bugzilla/>
@ 2014-07-01 20:59 ` fweimer at redhat dot com
0 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-07-01 20:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=7066
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security+
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug libc/7066] Probable buffer overrun in strtold()
2008-12-04 0:50 [Bug libc/7066] New: " nix at esperi dot org dot uk
` (2 preceding siblings ...)
2008-12-05 0:18 ` nix at esperi dot org dot uk
@ 2010-09-01 19:41 ` drepper at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2010-09-01 19:41 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2010-09-01 19:40 -------
Should be handled in git.
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=7066
* [Bug libc/7066] Probable buffer overrun in strtold()
2008-12-04 0:50 [Bug libc/7066] New: " nix at esperi dot org dot uk
2008-12-04 12:13 ` [Bug libc/7066] " nix at esperi dot org dot uk
2008-12-04 14:09 ` pasky at suse dot cz
@ 2008-12-05 0:18 ` nix at esperi dot org dot uk
2010-09-01 19:41 ` drepper at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: nix at esperi dot org dot uk @ 2008-12-05 0:18 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From nix at esperi dot org dot uk 2008-12-05 00:17 -------
It's using the same compile line that glibc's 'make check' uses, which
passes -std=gnu99 (IIRC: I don't have a build tree at the right point to verify
this right now).
The original testcase in glibc calls strtold() with many different inputs: only
this one crashes under -fstack-protector-all, and the corrupted stack is not in
the testing function but within glibc itself. So I don't see how e.g. pointer
width differences (not applicable on x86-32 anyway as far as I can see) could
cause a problem. It's not as if this is a varargs function on AIX or something.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=7066
* [Bug libc/7066] Probable buffer overrun in strtold()
2008-12-04 0:50 [Bug libc/7066] New: " nix at esperi dot org dot uk
2008-12-04 12:13 ` [Bug libc/7066] " nix at esperi dot org dot uk
@ 2008-12-04 14:09 ` pasky at suse dot cz
2008-12-05 0:18 ` nix at esperi dot org dot uk
2010-09-01 19:41 ` drepper at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: pasky at suse dot cz @ 2008-12-04 14:09 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From pasky at suse dot cz 2008-12-04 14:08 -------
Are you compiling with -std=c99 or similar? (i.e. do you have the correct
prototype?)
--
http://sourceware.org/bugzilla/show_bug.cgi?id=7066
* [Bug libc/7066] Probable buffer overrun in strtold()
2008-12-04 0:50 [Bug libc/7066] New: " nix at esperi dot org dot uk
@ 2008-12-04 12:13 ` nix at esperi dot org dot uk
2008-12-04 14:09 ` pasky at suse dot cz
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: nix at esperi dot org dot uk @ 2008-12-04 12:13 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From nix at esperi dot org dot uk 2008-12-04 12:12 -------
Created an attachment (id=3090)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=3090&action=view)
One-liner reproducing the crash
Backtrace with this one-liner, with glibc compiled with -fstack-protector-all:
Program received signal SIGABRT, Aborted.
0xb804a424 in __kernel_vsyscall ()
(gdb) bt
#0 0xb804a424 in __kernel_vsyscall ()
#1 0x08054a4b in __stack_chk_fail () at stack_chk_fail.c:295
#2 0x0804ad96 in ____strtold_l_internal (nptr=0x80ad488 "42.", '0' <repeats 19
times>, "1", endptr=0x0, group=0, loc=0x80cb0a0) at ../stdlib/strtod_l.c:1571
#3 0x08048cb7 in strtold (nptr=0x80ad488 "42.", '0' <repeats 19 times>, "1",
endptr=0x0) at strtod.c:70
#4 0x08048255 in main (argc=1, argv=0xbfa47364) at strtold-crash.c:7
--
http://sourceware.org/bugzilla/show_bug.cgi?id=7066
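An added regression check (not the attachment from this report and not glibc's own test) that sweeps strtold() over inputs of the form shown in the backtrace, "42." followed by N zeros and a "1", including the 19-zero case. The helper names `build_input`, `check_one` and `count_failures`, the 0..40 range and the tolerance are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Write "42." + `zeros` '0' characters + "1"; returns -1 if buf is too small. */
static int build_input(char *buf, size_t cap, size_t zeros)
{
    if (zeros + 5 > cap)            /* "42." + zeros + "1" + NUL */
        return -1;
    memcpy(buf, "42.", 3);
    memset(buf + 3, '0', zeros);
    buf[3 + zeros] = '1';
    buf[4 + zeros] = '\0';
    return 0;
}

/* Returns 1 if strtold() parses the whole string and yields 42 + 10^-(zeros+1).
   An overrun caught by the stack protector aborts instead of returning here. */
static int check_one(size_t zeros)
{
    char buf[128], *end = NULL;
    long double frac = 1.0L, diff, v;
    if (build_input(buf, sizeof buf, zeros) != 0)
        return 0;
    for (size_t i = 0; i <= zeros; i++)
        frac /= 10.0L;              /* value of the trailing '1' digit */
    errno = 0;
    v = strtold(buf, &end);
    diff = v - (42.0L + frac);
    if (diff < 0) diff = -diff;
    return errno == 0 && *end == '\0' && diff < 1e-13L;
}

/* Number of lengths in 0..max_zeros that fail the check. */
static int count_failures(size_t max_zeros)
{
    int bad = 0;
    for (size_t z = 0; z <= max_zeros; z++)
        bad += !check_one(z);
    return bad;
}

int main(void)
{
    int bad = count_failures(40);   /* range includes the 19-zero input */
    printf("%d failing length(s)\n", bad);
    return bad != 0;
}
```

The abort in the report was observed with glibc itself compiled with -fstack-protector-all, so the check is only meaningful as a crash detector when linked against a libc built that way.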