This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/19651] New: Missing sanity check for malloc() in glibc-2.22 plus possible NULL pointer dereference (CWE-476)
- From: "wp02855 at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 17 Feb 2016 17:56:13 +0000
- Subject: [Bug libc/19651] New: Missing sanity check for malloc() in glibc-2.22 plus possible NULL pointer dereference (CWE-476)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19651
Bug ID: 19651
Summary: Missing sanity check for malloc() in glibc-2.22 plus
possible NULL pointer dereference (CWE-476)
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: wp02855 at gmail dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Created attachment 8994
--> https://sourceware.org/bugzilla/attachment.cgi?id=8994&action=edit
patch file for above bug report (diff -u)
Hello All,
In reviewing source code in glibc-2.22, in sub-directory 'elf',
file 'tlsdeschtab.h', there is a call to malloc() which is not
checked for a return value of NULL, indicating failure. Additionally,
members of the pointer 'td' are used for return values in other
function calls, which could result in unexpected behavior.
The patch file below adds the test for a return value for NULL
and takes (I hope) the appropriate action, if malloc() fails:
--- tlsdeschtab.h.orig 2016-02-16 15:35:30.088150404 -0800
+++ tlsdeschtab.h 2016-02-16 15:37:14.502154200 -0800
@@ -118,6 +118,11 @@
}
*entry = td = malloc (sizeof (struct tlsdesc_dynamic_arg));
+ if (! entry) /* check return value from malloc() */
+ {
+ __rtld_lock_unlock_recursive (GL(dl_load_lock));
+ return 0;
+ }
/* This may be higher than the map's generation, but it doesn't
matter much. Worst case, we'll have one extra DTV update per
thread. */
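Review bot: the added test `if (! entry)` checks the wrong pointer, so the malloc() failure this patch targets is still not caught. `entry` is the slot address that the preceding line has just dereferenced in `*entry = td = malloc (...)`; the allocation result is in `td` (and `*entry`), so the condition should be `if (td == NULL)`. Note also that on the failure path the assignment has already stored NULL into `*entry` before the lock is released and 0 is returned. It would be cleaner to assign `td` first and write it to `*entry` only on success, and the patch should state how callers are expected to handle the 0 return.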