This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/14277] Pointer used after free'd


http://sourceware.org/bugzilla/show_bug.cgi?id=14277

--- Comment #1 from joseph at codesourcery dot com <joseph at codesourcery dot com> 2012-06-21 16:21:12 UTC ---
On Thu, 21 Jun 2012, law at redhat dot com wrote:

> I don't have a good testcase -- the one provided to me hasn't tripped in about
> 12 hours of running or in shorter runs with differing values of
> M_MMAP_THRESHOLD and may contain confidential information.   Hopefully the
> analysis above is clear enough to show this code is clearly broken.

Does use of M_PERTURB (to cause free to overwrite freed memory - I don't 
actually know if it works for realloc as well) make it easier to reproduce 
the problem?

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]