This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Carlos O'Donell <carlos at redhat dot com>, Rich Felker <dalias at libc dot org>
- Cc: Paul Pluzhnikov <ppluzhnikov at google dot com>, Andreas Schwab <schwab at suse dot de>, libc-alpha at sourceware dot org
- Date: Tue, 03 Feb 2015 16:11:56 -0800
- Subject: Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
Carlos O'Donell wrote:
> I'd read the POSIX wording differently.

Although Rich's interpretation is correct for current POSIX, thanks to Eric
Blake the next release of POSIX (Issue 8) is planned to change this, and to
require 'free' to leave errno alone, which as I understand it is your preferred
interpretation. Please see:
http://austingroupbugs.net/view.php?id=385
Because of this, glibc 'free' should not set errno if the user invokes 'free' in
a conforming way. Setting errno will be a conformance bug once Issue 8 comes
out, and glibc should be fixed to conform well before that. Also, the glibc
documentation should be changed to discuss this issue. I have filed a glibc bug
report to that effect, here:
https://sourceware.org/bugzilla/show_bug.cgi?id=17924
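
Why an errno-preserving 'free' matters to callers, as an added example that is not part of the original message and is not glibc code: cleanup that runs between a failing call and the errno read loses the real error unless errno is saved and restored. `clobbering_free`, `free_keep_errno` and `parse_long` are hypothetical names, and the EINVAL written by `clobbering_free` is a constructed value.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a free() that disturbs errno, which current
   POSIX permits. EINVAL is a constructed value for the demonstration. */
static void clobbering_free(void *p)
{
    free(p);
    errno = EINVAL;
}

/* Portable wrapper: save errno before releasing, restore it afterwards. */
static void free_keep_errno(void *p)
{
    int saved = errno;
    clobbering_free(p);
    errno = saved;
}

/* Parse a decimal long from a private copy of text, release the copy, then
   report errno. The release happens between strtol() and the errno read,
   which is the ordering that breaks when free() is allowed to set errno. */
static int parse_long(const char *text, long *out, void (*release)(void *))
{
    char *copy = malloc(strlen(text) + 1);
    if (copy == NULL)
        return ENOMEM;
    strcpy(copy, text);
    errno = 0;
    *out = strtol(copy, NULL, 10);
    release(copy);
    return errno;
}

int main(void)
{
    long v;
    int rc = parse_long("42", &v, clobbering_free);
    printf("clobbering free: errno=%d\n", rc);
    rc = parse_long("42", &v, free_keep_errno);
    printf("wrapped free:    errno=%d value=%ld\n", rc, v);
    return 0;
}
```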