This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/18887] New: memory corruption when using getmntent on blank lines
- From: "vapier at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 28 Aug 2015 15:06:38 +0000
- Subject: [Bug libc/18887] New: memory corruption when using getmntent on blank lines
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18887
Bug ID: 18887
Summary: memory corruption when using getmntent on blank lines
Product: glibc
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: vapier at gentoo dot org
CC: drepper.fsp at gmail dot com
Depends on: 17273
Target Milestone: ---
the change introduced in bug 17273 ends up corrupting memory by a single byte
when processing lines that are all whitespace. this can go unnoticed on many
arches, but it seems to trigger frequently on ppc32.
$ cat > test.c <<EOF
#include <mntent.h>
int main(void) {
    FILE *fp = setmntent("/etc/fstab", "r");
    getmntent(fp);
    endmntent(fp);
}
EOF
$ gcc test.c
$ ./a.out
*** Error in `./a.out': double free or corruption (!prev): 0x10021008 ***
======= Backtrace: =========
/lib/libc.so.6(+0x7bcac)[0xfef2cac]
/lib/libc.so.6(+0x83314)[0xfefa314]
/lib/libc.so.6(+0x84270)[0xfefb270]
/lib/libc.so.6(fclose+0x1e8)[0xfee5838]
/lib/libc.so.6(endmntent+0x2c)[0xff5e11c]
/lib/libc.so.6(+0x21b38)[0xfe98b38]
/lib/libc.so.6(+0x21cd8)[0xfe98cd8]
Referenced Bugs:
https://sourceware.org/bugzilla/show_bug.cgi?id=17273
[Bug 17273] getmntent() returns wrong default value for fs_passno
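Added example, not part of the original report or of glibc: a self-contained regression check that runs getmntent over a constructed fstab containing whitespace-only lines, so the test does not depend on the contents of the local /etc/fstab. The helper name count_entries, the sample data and the temporary file path are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed input: whitespace-only lines around two valid entries. */
static const char SAMPLE_FSTAB[] =
    " \n"
    "\t\n"
    " \t \t\n"
    "\n"
    "/dev/sda1 / ext4 defaults 0 1\n"
    "   \t\n"
    "# comment\n"
    "tmpfs /tmp tmpfs rw,nosuid 0 0\n"
    " \t";                      /* final line: whitespace, no newline */

/* Parse `content` with getmntent(). Returns the number of entries found,
   or -1 on I/O error. The first entry's mnt_dir is copied to first_dir. */
int count_entries(const char *content, char *first_dir, size_t len)
{
    char path[] = "/tmp/mntent-blank-XXXXXX";
    size_t n = strlen(content);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    ssize_t written = write(fd, content, n);
    close(fd);
    FILE *fp = (written == (ssize_t)n) ? setmntent(path, "r") : NULL;
    if (fp == NULL) {
        unlink(path);
        return -1;
    }
    int count = 0;
    struct mntent *m;
    while ((m = getmntent(fp)) != NULL) {
        if (count++ == 0 && first_dir != NULL && len > 0)
            snprintf(first_dir, len, "%s", m->mnt_dir);
    }
    endmntent(fp);              /* the abort in the report fired in here */
    unlink(path);
    return count;
}

int main(void)
{
    char dir[64] = "";
    int n = count_entries(SAMPLE_FSTAB, dir, sizeof dir);
    printf("entries=%d first_dir=%s\n", n, dir);
    return n == 2 ? 0 : 1;
}
```

Since the report says the corruption can go unnoticed on many arches, run the check under a memory checker such as valgrind rather than relying on an abort.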