This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/18096] New: null deref in wordexp/parse_dollars/parse_arith
- From: "konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 09 Mar 2015 15:31:12 +0000
- Subject: [Bug libc/18096] New: null deref in wordexp/parse_dollars/parse_arith
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18096
Bug ID: 18096
Summary: null deref in wordexp/parse_dollars/parse_arith
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: konstantin.s.serebryany at gmail dot com
CC: drepper.fsp at gmail dot com
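#include <wordexp.h>
#include <string.h>

int main(void) {
    /* "$[]" is an arithmetic expansion with an empty expression. */
    char *p = strdup("$[]");
    wordexp_t w;
    wordexp(p, &w, 0);  /* faults in parse_arith on affected versions */
    return 0;
}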
gcc we5.c && ./a.out
#0 0x7fe40ab0d3ae in parse_arith /build/buildd/eglibc-2.19/posix/wordexp.c:774
#1 0x7fe40ab0b123 in parse_dollars /build/buildd/eglibc-2.19/posix/wordexp.c:2096
#2 0x7fe40ab0dfeb in wordexp /build/buildd/eglibc-2.19/posix/wordexp.c:2348
2.19 and fresh trunk are affected.
Same fuzzer, see https://sourceware.org/glibc/wiki/FuzzingLibc
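A crash-isolating check for the input in this report, added here as an example and not part of the bug report or of glibc: it runs wordexp() in a forked child so that a fault shows up as a return code instead of killing the caller. The name probe_wordexp, the 1000 + signal encoding and the use of WRDE_NOCMD (the reproducer passes 0) are this example's own choices.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <wordexp.h>

/*
 * Run wordexp() on `words` in a child process (hypothetical helper).
 * Returns:
 *   0            wordexp() succeeded
 *   1..5         wordexp() rejected the input cleanly (a WRDE_* code)
 *   1000 + sig   the child was killed by signal `sig` (11 = SIGSEGV)
 *   -1           fork() or waitpid() failed
 */
int probe_wordexp(const char *words)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        wordexp_t w;
        /* WRDE_NOCMD: the probe must never run command substitutions. */
        int rc = wordexp(words, &w, WRDE_NOCMD);
        if (rc == 0)
            wordfree(&w);
        _exit(rc);              /* skip atexit handlers and stdio flush */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return 1000 + WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs: one benign control, then the string from the report. */
    const char *inputs[] = { "hello world", "$[]" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int r = probe_wordexp(inputs[i]);
        printf("%-12s -> %d%s\n", inputs[i], r,
               r >= 1000 ? "  (crashed: affected libc)" : "");
    }
    return 0;
}
```

A result of 1000 or more for "$[]" means the installed libc still faults on this input; any smaller non-negative value means it was handled without crashing.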