This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/14277] Pointer used after free'd
- From: "joseph at codesourcery dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 21 Jun 2012 16:21:12 +0000
- Subject: [Bug libc/14277] Pointer used after free'd
- Auto-submitted: auto-generated
- References: <bug-14277-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=14277
--- Comment #1 from joseph at codesourcery dot com <joseph at codesourcery dot com> 2012-06-21 16:21:12 UTC ---
On Thu, 21 Jun 2012, law at redhat dot com wrote:
> I don't have a good testcase -- the one provided to me hasn't tripped in about
> 12 hours of running or in shorter runs with differing values of
> M_MMAP_THRESHOLD and may contain confidential information. Hopefully the
> analysis above is clear enough to show this code is clearly broken.
Does use of M_PERTURB (to cause free to overwrite freed memory - I don't
actually know if it works for realloc as well) make it easier to reproduce
the problem?
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.