This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix for heap overflow in wscanf (BZ 16618)

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Carlos O'Donell <carlos at redhat dot com>, Rich Felker <dalias at libc dot org>
Cc: Paul Pluzhnikov <ppluzhnikov at google dot com>, Andreas Schwab <schwab at suse dot de>, libc-alpha at sourceware dot org
Date: Tue, 03 Feb 2015 16:11:56 -0800
Subject: Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
Authentication-results: sourceware.org; auth=none
References: <CALoOobPgvuBLTk4GzOchr792MHNi1yLgsO5Jqf8MPvY+bk544Q at mail dot gmail dot com> <20150202050906 dot GF23507 at brightrain dot aerifal dot cx> <CALoOobP5yEqB-oKUvPVJm0znonYJ_iM1q_uFBNT2sRojBguJ-A at mail dot gmail dot com> <mvmiofkiqaj dot fsf at hawking dot suse dot de> <CALoOobPyDepfTFp=_y50iKHxAhKV8W+ZkUiV6e-2O=kgpT_08g at mail dot gmail dot com> <87twz4xidl dot fsf at igel dot home> <CALoOobNFbi8csanuAGDwebQeojNWsSqj+6g6w-J94hZ8POOZiw at mail dot gmail dot com> <54D0F628 dot 3000808 at redhat dot com> <20150203180129 dot GP23507 at brightrain dot aerifal dot cx> <54D10E16 dot 7050601 at redhat dot com> <20150203184139 dot GQ23507 at brightrain dot aerifal dot cx> <54D11FE6 dot 9020905 at redhat dot com>

Carlos O'Donell wrote:

I'd read the POSIX wording differently.

Although Rich's interpretation is correct for current POSIX, thanks to EricBlake the next release of POSIX (Issue 8) is planned to change this, and torequire 'free' to leave errno alone, which as I understand it is your preferredinterpretation. Please see:


http://austingroupbugs.net/view.php?id=385

Because of this, glibc 'free' should not set errno if the user invokes 'free' ina conforming way. Setting errno will be a conformance bug once Issue 8 comesout, and glibc should be fixed to conform well before that. Also, the glibcdocumentation should be changed to discuss this issue. I have filed a glibc bugreport to that effect, here:


https://sourceware.org/bugzilla/show_bug.cgi?id=17924

Follow-Ups:
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Rich Felker

References:
- [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Rich Felker
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Andreas Schwab
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Andreas Schwab
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Paul Pluzhnikov
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Carlos O'Donell
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Rich Felker
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Carlos O'Donell
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Rich Felker
- Re: [patch] Fix for heap overflow in wscanf (BZ 16618)
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]