This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- From: Allan McRae <allan at archlinux dot org>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 15 Dec 2014 20:25:57 +1000
- Subject: Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- Authentication-results: sourceware.org; auth=none
- References: <5481E0BD dot 9000203 at redhat dot com> <5485A63E dot 8000607 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1412081538080 dot 3449 at digraph dot polyomino dot org dot uk> <5485CACB dot 5070604 at redhat dot com> <548ABE6C dot 8020809 at redhat dot com>
On 12/12/14 20:07, Florian Weimer wrote:
> On 12/08/2014 04:59 PM, Florian Weimer wrote:
>> On 12/08/2014 04:41 PM, Joseph Myers wrote:
>>> On Mon, 8 Dec 2014, Florian Weimer wrote:
>>>
>>>> + specs = malloc (nspecs_size);
>>>> + if (specs == NULL)
>>>> + {
>>>> + __set_errno (ENOMEM);
>>>> + done = -1;
>>>> + goto all_done;
>>>> + }
>>>
>>> It looks to me like this will leak the previous copy of specs on
>>> allocation failure, if the previous value was also malloced (so you need
>>> "specs = old;" or similar here to get the return path to free it if
>>> appropriate).
>>
>> Ugh, thanks, I've made that change. Anything else?
>
> FYI, I plan to commit this on Monday so that this doesn't fall through
> the cracks again.
Are you going to backport this to release branches?