This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/18043] buffer-overflow (read past the end) in wordexp/parse_dollars/parse_param
- From: "ppluzhnikov at google dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 09 Mar 2015 18:51:36 +0000
- Subject: [Bug libc/18043] buffer-overflow (read past the end) in wordexp/parse_dollars/parse_param
- Auto-submitted: auto-generated
- References: <bug-18043-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=18043
--- Comment #12 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
(In reply to Kostya Serebryany from comment #11)
> Ah, Apparently one of the previous fuzzing iterations has set such env var.
> (which also means that wordexp is not an ideal target for in-process fuzzing)
> Is this still interesting?
It's still a bug (AFAICT) -- GLIBC shouldn't be accessing env strings out of
bounds.
I've tried setting these variables myself, to various values, but still do not
see violations.
What do you have them set at (and which ones) ?
--
You are receiving this mail because:
You are on the CC list for the bug.