This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nptl/15618] New: Possible access beyond memory bounds in pthread_attr_getaffinity
- From: "siddhesh at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 13 Jun 2013 18:54:13 +0000
- Subject: [Bug nptl/15618] New: Possible access beyond memory bounds in pthread_attr_getaffinity
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15618
Bug ID: 15618
Summary: Possible access beyond memory bounds in pthread_attr_getaffinity
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nptl
Assignee: unassigned at sourceware dot org
Reporter: siddhesh at redhat dot com
CC: drepper.fsp at gmail dot com
Description:
pthread_attr_getaffinity_np may corrupt memory by writing beyond bounds of the
input cpuset buffer if the given buffer is smaller than the buffer in the
thread attributes.
Reproducer:
#define _GNU_SOURCE /* For CPU_ALLOC and pthread_attr_{set,get}affinity_np.  */
#include <pthread.h>
#include <stdio.h>
#include <sched.h>
#include <errno.h>

/* Call F with the given arguments; on a non-zero result, print it and
   return it from the enclosing function.  */
#define RETURN_IF_FAIL(f, ...) \
  ({ \
    int ret = f (__VA_ARGS__); \
    if (ret != 0) \
      { \
        printf ("%s:%d: %s returned %d (errno = %d)\n", __FILE__, __LINE__, \
                #f, ret, errno); \
        return ret; \
      } \
  })

int
main (void)
{
  for (int i = 0; i < 10; i++)
    {
      pthread_attr_t attr;

      /* Store a 512-CPU mask in the thread attributes.  */
      cpu_set_t *cpuset = CPU_ALLOC (512);
      size_t cpusetsize = CPU_ALLOC_SIZE (512);
      CPU_ZERO_S (cpusetsize, cpuset);
      RETURN_IF_FAIL (pthread_attr_init, &attr);
      RETURN_IF_FAIL (pthread_attr_setaffinity_np, &attr, cpusetsize, cpuset);
      CPU_FREE (cpuset);

      /* Read it back into a buffer sized for a single CPU, which is
         smaller than the mask stored in attr.  */
      cpuset = CPU_ALLOC (1);
      cpusetsize = CPU_ALLOC_SIZE (1);
      RETURN_IF_FAIL (pthread_attr_getaffinity_np, &attr, cpusetsize, cpuset);
      CPU_FREE (cpuset);
    }
  return 0;
}
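A bounds-respecting copy for the size mismatch described in the report, given here as an added example that is not part of the original report and is not glibc's code. The helper names, the plain byte buffers standing in for cpu_set_t, and the choice of EINVAL when set bits would not fit are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not glibc code): copy a stored affinity mask of
   STORED_SIZE bytes into a caller buffer of DST_SIZE bytes without ever
   writing past DST_SIZE.  */
int
copy_mask_bounded (const unsigned char *stored, size_t stored_size,
                   unsigned char *dst, size_t dst_size)
{
  /* Bits that do not fit in the caller's buffer must all be clear;
     otherwise the result would be silently truncated.  */
  for (size_t i = dst_size; i < stored_size; i++)
    if (stored[i] != 0)
      return EINVAL;

  /* Copy only as many bytes as both buffers hold.  */
  size_t n = stored_size < dst_size ? stored_size : dst_size;
  memcpy (dst, stored, n);

  /* Caller buffer larger than the stored mask: clear the tail.  */
  if (dst_size > n)
    memset (dst + n, 0, dst_size - n);
  return 0;
}

/* Constructed check mirroring the reproducer's mismatch: a 64-byte stored
   mask read into an 8-byte destination that is followed by guard bytes.
   Returns 1 when the copy succeeds and the guard bytes are untouched.  */
int
guard_intact_after_copy (void)
{
  unsigned char stored[64] = { 0 };
  unsigned char buf[16];

  stored[0] = 0x05;               /* CPUs 0 and 2 set.  */
  memset (buf, 0xAA, sizeof buf); /* Bytes 8..15 act as the guard.  */
  if (copy_mask_bounded (stored, sizeof stored, buf, 8) != 0)
    return 0;
  for (size_t i = 8; i < sizeof buf; i++)
    if (buf[i] != 0xAA)
      return 0;
  return buf[0] == 0x05;
}
```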