This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug time/21716] New: Crash in glibc's mktime in low-memory situations
- From: "sourceware at sagamusix dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 05 Jul 2017 20:16:15 +0000
- Subject: [Bug time/21716] New: Crash in glibc's mktime in low-memory situations
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21716
Bug ID: 21716
Summary: Crash in glibc's mktime in low-memory situations
Product: glibc
Version: 2.19
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: time
Assignee: unassigned at sourceware dot org
Reporter: sourceware at sagamusix dot de
Target Milestone: ---
Originally reported with all the details on the Debian bugtracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867283
glibc uses the function __tzstring to allocate strings in various time-related
places, but does not guard against out-of-memory situations sufficiently.
__tzstring uses malloc internally and subsequently may return NULL if the
memory allocation failed. The result of __tzstring should be verified so that
later assumptions about strings being non-NULL are not violated. In this
particular case, an assertion was violated and consequently caused a SIGABRT,
which violates the API contract of mktime (it should return -1 on failure, and
when used in C++ it is guaranteed to be exception-safe).
This bug was found with American Fuzzy Lop and libdislocator.
--
You are receiving this mail because:
You are on the CC list for the bug.