This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12424] strtod() reads past the string end
- From: "bz at rv6502 dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 14 Feb 2013 01:06:40 +0000
- Subject: [Bug libc/12424] strtod() reads past the string end
- Auto-submitted: auto-generated
- References: <bug-12424-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12424
Stephane Hockenhull <bz at rv6502 dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                 CC|                            |bz at rv6502 dot com
            Version|2.13                        |2.15
         Resolution|INVALID                     |
--- Comment #3 from Stephane Hockenhull <bz at rv6502 dot com> 2013-02-14 01:06:40 UTC ---
glibc code is reading past the string end: it is a bug.
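----------- strtod.cpp ---------
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <gnu/libc-version.h>

int main()
{
    // Report the glibc version the test is running against.
    printf("GLIBC: %s\n", gnu_get_libc_version ());

    // std::string heap-allocates its buffer here (see operator new in the
    // trace below), so Memcheck checks reads against the block bounds.
    std::string s = "item 1";
    const char *test = s.c_str();

    // "item 1" has no leading number, so strtod() returns 0.
    double d = strtod(test, 0);
    printf("%f\n", d);
    return 0;
}
------------------------------------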
==14729== Memcheck, a memory error detector
==14729== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==14729== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==14729== Command: ./strtod
==14729==
GLIBC: 2.15
==14729== Invalid read of size 8
==14729== at 0x53D71BF: __GI___strncasecmp_l (strcmp.S:213)
==14729== by 0x538973F: ____strtod_l_internal (strtod_l.c:574)
==14729== by 0x4008BA: main (in /home/shockenhull/tmp/glibc_bugs/strtod)
==14729== Address 0x5a03058 is 24 bytes inside a block of size 31 alloc'd
==14729== at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14729== by 0x4ED0A88: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x4ED2494: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x4ED25E2: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x40088D: main (in /home/shockenhull/tmp/glibc_bugs/strtod)
==14729==
==14729== Invalid read of size 8
==14729== at 0x53D71C7: __GI___strncasecmp_l (strcmp.S:215)
==14729== by 0x538973F: ____strtod_l_internal (strtod_l.c:574)
==14729== by 0x4008BA: main (in /home/shockenhull/tmp/glibc_bugs/strtod)
==14729== Address 0x5a03060 is 1 bytes after a block of size 31 alloc'd
==14729== at 0x4C2B1C7: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14729== by 0x4ED0A88: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x4ED2494: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x4ED25E2: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.16)
==14729== by 0x40088D: main (in /home/shockenhull/tmp/glibc_bugs/strtod)
==14729==
0.000000
==14729==
==14729== HEAP SUMMARY:
==14729== in use at exit: 0 bytes in 0 blocks
==14729== total heap usage: 1 allocs, 1 frees, 31 bytes allocated
==14729==
==14729== All heap blocks were freed -- no leaks are possible
==14729==
==14729== For counts of detected and suppressed errors, rerun with: -v
==14729== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)
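
Added example (not part of the original bug comment or of glibc): a small Python triage helper that parses the two Memcheck records in the report above and works out how many bytes of each access fall outside the 31-byte heap block. The sample log is copied from the report with the allocation stacks dropped; the function name `triage` and the result field names are illustrative assumptions.

```python
import re

# Constructed sample: the two Memcheck error records from the report above,
# reduced to the lines the parser needs (allocation stacks omitted).
SAMPLE = """\
==14729== Invalid read of size 8
==14729== at 0x53D71BF: __GI___strncasecmp_l (strcmp.S:213)
==14729== by 0x538973F: ____strtod_l_internal (strtod_l.c:574)
==14729== Address 0x5a03058 is 24 bytes inside a block of size 31 alloc'd
==14729== Invalid read of size 8
==14729== at 0x53D71C7: __GI___strncasecmp_l (strcmp.S:215)
==14729== by 0x538973F: ____strtod_l_internal (strtod_l.c:574)
==14729== Address 0x5a03060 is 1 bytes after a block of size 31 alloc'd
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"\bat 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes (inside|after) a block of size (\d+)")

def triage(log):
    """Return one dict per invalid heap access, with the bytes touched outside the block."""
    findings, cur = [], None
    for line in log.splitlines():
        if m := ACCESS.search(line):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "func": None}
        elif cur and cur["func"] is None and (m := FRAME.search(line)):
            cur["func"] = m.group(1)  # innermost frame of the faulting access
        elif cur and (m := ADDR.search(line)):
            n, where, block = int(m.group(2)), m.group(3), int(m.group(4))
            # Offset of the access from the block start: "inside" counts from the
            # start, "after" counts from the first byte past the block.
            start = n if where == "inside" else block + n
            end = start + cur["size"]          # one past the last byte accessed
            outside = end - max(start, block)  # bytes beyond the block's end
            cur.update(addr=m.group(1), offset=start, outside=max(outside, 0),
                       straddles=start < block < end)
            findings.append(cur)
            cur = None
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['func']}: {f['size']}-byte {f['kind']} at block+{f['offset']}, "
              f"{f['outside']} byte(s) outside, straddles end: {f['straddles']}")
```

For the report above, the first read starts inside the block and runs 1 byte past its end, while the second read lies entirely outside the block.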