This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/18283] New: vsprintf randomly crashes
- From: "cgasmith at comcast dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 20 Apr 2015 16:21:08 +0000
- Subject: [Bug libc/18283] New: vsprintf randomly crashes
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18283
Bug ID: 18283
Summary: vsprintf randomly crashes
Product: glibc
Version: 2.18
Status: NEW
Severity: critical
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: cgasmith at comcast dot net
CC: drepper.fsp at gmail dot com
Created attachment 8256
--> https://sourceware.org/bugzilla/attachment.cgi?id=8256&action=edit
Sample program showing vsprintf malice
Linux 3.19.3-100.fc20.x86_64 #1 SMP Fri Mar 27 16:53:47 UTC 2015 x86_64 x86_64
x86_64 GNU/Linux
glibc.i686 2.18-19.fc20
Under FC20 x86_64 using the Eclipse IDE, configured for Linux GCC (Hello World template).
Using vsprintf causes random segmentation faults and display (stdout) issues.
Steps to reproduce:
1) create any large file (I use a screen shot named bigfile.png)
2) Compile and run attached, no problem
3) switch comments back
from:
printf("%s%16s\n",OutLine,EndLine);
//Msg("%s%16s\n",OutLine,EndLine);
to:
//printf("%s%16s\n",OutLine,EndLine);
Msg("%s%16s\n",OutLine,EndLine);
Observations:
1) An alternative temp fix is to switch from vsprintf to vprintf in Msg and that works, but in the real app I use vsprintf to put to stdout and then a log file.
2) This doesn't fault in any predictable manner. I suspect that the buffer concatenation routine in vsprintf is 1) not initializing the buffer, but I tried memset \0 for that (and yes, I don't need the static declarations, but it can't hurt) -or- 2) a buffer overrun, but not really possible with this, or 3) a rogue pointer internal to only vsprintf.
An indicator of something fishy going on... notice the 0012470: offset: the "\n" passed in the Fmt line down to vsprintf does not get embedded. I've seen overruns as well, but I'm at the point that I know the fault is internal to vsprintf.
0012440: (016) 0856 4706 E5F1 7B6E 212B 4696 EE78 3ADE .VG...{n!+F..x:.
0012450: (016) F219 4CB2 FB22 7322 B39F 99AC 8274 E840 ..L.."s".....t.@
0012460: (016) 8D10 BA9F 7764 A025 437E 0F16 189C 0431 ....wd.0012470: (016)
8DCE 9E55 824D 3A77 211E A82B DD17 868F ...U.M:w!..+....
0012480: (016) 74CE E424 A4ED CD59 A74E 279E 4EBF 8308 t..$...Y.N'.N...
0012490: (016) 0B7E 6FC7 19AB 22D1 33DF 32AC BAE4 DD7C .~o...".3.2....|
.....later...
0012E90: (016) 8CF5 6CAD 9EB2 6FB8 7337 341D 1881 BB51 ..l...o.s74....Q
Segmentation fault (core dumped)
If it matters, AMD 8150 8-core, 64-bit + 12G memory.
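The report describes a Msg function that uses vsprintf to write the same message to stdout and then to a log file, and notes that switching to vprintf avoids the fault. The attached program is not reproduced in the archive, so the wrapper below is an added example and not the reporter's code or glibc's; it does not reproduce or diagnose the crash above. It shows how such a Msg-style wrapper is usually hardened against the two defects this pattern is prone to: it formats with vsnprintf into a bounded buffer, so a long OutLine can never write past the buffer the way vsprintf can, and because the va_list is consumed twice (once for stdout, once for the log copy) it takes a va_copy before the first consumer, since a va_list that has been passed to a v*printf function is indeterminate afterwards. The names Msg, msg_tee, msg_vformat, msg_format and MSG_BUF_SIZE are assumptions chosen for this illustration, and the sample OutLine/EndLine strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 128   /* assumed size for the log copy of one message */

/* Format fmt/ap into dst (capacity cap) with vsnprintf instead of vsprintf.
 * Returns the length the complete message needs, or -1 on a format error;
 * *truncated is set when the text did not fit.  Never writes past cap bytes. */
static int msg_vformat(char *dst, size_t cap, int *truncated,
                       const char *fmt, va_list ap)
{
    int n = vsnprintf(dst, cap, fmt, ap);
    if (n < 0) {
        if (cap)
            dst[0] = '\0';
        return -1;
    }
    *truncated = (size_t)n >= cap;
    return n;
}

/* Write one message to stdout and, when log is non-NULL, to log.
 * Two v*printf calls consume the arguments, so the second consumer gets its
 * own copy: a va_list already handed to vprintf must not be reused. */
static int msg_tee(FILE *log, const char *fmt, va_list ap)
{
    char buf[MSG_BUF_SIZE];
    int truncated = 0;
    va_list ap_log;

    va_copy(ap_log, ap);            /* copy BEFORE ap is consumed by vprintf */
    int n_out = vprintf(fmt, ap);   /* first consumer: stdout */
    int n_log = msg_vformat(buf, sizeof buf, &truncated, fmt, ap_log);
    va_end(ap_log);                 /* second consumer: bounded log copy */

    if (n_out < 0 || n_log < 0)
        return -1;
    if (log) {
        fputs(buf, log);
        if (truncated)              /* say so rather than silently dropping text */
            fputs("[...]\n", log);
    }
    return n_log;
}

/* Variadic front end, called the way a Msg(fmt, ...) helper would be. */
static int Msg(FILE *log, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = msg_tee(log, fmt, ap);
    va_end(ap);
    return n;
}

/* Format into a caller-supplied buffer without writing it anywhere; handy
 * for checking the bounded behaviour in isolation. */
static int msg_format(char *dst, size_t cap, int *truncated,
                      const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = msg_vformat(dst, cap, truncated, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    /* Constructed sample values shaped like the report's "%s%16s\n" call. */
    const char *OutLine = "0012470: (016) 8DCE 9E55 824D 3A77 211E A82B DD17 868F";
    const char *EndLine = "...U.M:w!..+....";
    char small[16];
    int truncated = 0;

    Msg(stderr, "%s%16s\n", OutLine, EndLine);   /* stdout plus stderr as the "log" */

    /* A deliberately small destination: the text is cut, the buffer is not overrun. */
    int n = msg_format(small, sizeof small, &truncated, "%s%16s\n", OutLine, EndLine);
    printf("needed %d bytes, truncated=%d, kept \"%s\"\n", n, truncated, small);
    return 0;
}
```

The return value is the length the full message needs, as vsnprintf reports it, so a caller can detect truncation by comparing it against the buffer size instead of trusting that the text fit.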