This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/14404] New: strtod causes invalid memory access on certain inputs


http://sourceware.org/bugzilla/show_bug.cgi?id=14404

             Bug #: 14404
           Summary: strtod causes invalid memory access on certain inputs
           Product: glibc
           Version: 2.16
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: charles@hailoo.com
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


The function strtod in GLIBC (implemented in stdlib/strtod_l.c) has a bug
when checking for "inf" or "nan" in strtod_l.c.

The issue causes Valgrind to report an invalid memory access.  It can be
reproduced easily by simply trying to use strtod on a string that starts with
the letter "i" or "n":

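    #include <cstdlib>
    #include <cstring>
    int main() {
        char* s = static_cast<char*>(malloc(12));  // 12-byte heap block
        memset(s, 0, 12);
        strcpy(s, "ichabod");                      // input starts with 'i'
        double v = std::strtod(s, NULL);           // Valgrind flags the read made here
    }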

This causes Valgrind to report:

==20062== Invalid read of size 8
==20062==    at 0x565A147: __GI___strncasecmp_l (strcmp.S:215)
==20062==    by 0x5610F5E: ____strtod_l_internal (strtod_l.c:577)
==20062==    by 0x404B43: main (test4.cc:310)
==20062==  Address 0x5971048 is 8 bytes inside a block of size 12 alloc'd
==20062==    at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
==20062==    by 0x404B07: main (test4.cc:307)

The bug seems to have something to do with the use of the STRNCASECMP macro when
checking for "inf" and "nan".

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
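
The Valgrind report above shows an 8-byte read starting 8 bytes into a 12-byte block. The following is an added example, not glibc's code and not part of the bug report: it checks for the "inf"/"nan" prefixes one byte at a time so that no read goes past the string's terminator, and computes how far the reported read extends beyond the block. The names `has_prefix_ci` and `bytes_past_block` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive test for whether s begins with lit (lit must be lower
 * case). Reads s one byte at a time and stops at the first mismatch or at
 * the NUL of s, so it never touches memory after the terminator.
 * *touched receives the number of bytes of s that were read. */
static int has_prefix_ci(const char *s, const char *lit, size_t *touched)
{
    size_t i = 0;
    while (lit[i] != '\0') {
        unsigned char c = (unsigned char)s[i];
        if (tolower(c) != (unsigned char)lit[i]) {
            *touched = i + 1;   /* counts the mismatching (or NUL) byte */
            return 0;
        }
        i++;
    }
    *touched = i;
    return 1;
}

/* Bytes of an access [offset, offset + size) that fall outside a block. */
static size_t bytes_past_block(size_t offset, size_t size, size_t block)
{
    size_t end = offset + size;
    return end > block ? end - block : 0;
}

int main(void)
{
    char *s = malloc(12);       /* same 12-byte block as in the report */
    size_t touched = 0;
    if (s == NULL)
        return 1;
    memset(s, 0, 12);
    strcpy(s, "ichabod");
    printf("matches \"inf\": %d\n", has_prefix_ci(s, "inf", &touched));
    printf("bytes of s read: %zu\n", touched);
    printf("reported read overruns the block by %zu bytes\n",
           bytes_past_block(8, 8, 12));
    free(s);
    return 0;
}
```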

