This is the mail archive of the
glibc-bugs@sources.redhat.com
mailing list for the glibc project.
[Bug libc/968] New: Integer overflow in strxfrm_l.c
- From: "barbier at linuxfr dot org" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 24 May 2005 21:02:14 -0000
- Subject: [Bug libc/968] New: Integer overflow in strxfrm_l.c
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
libc/string/strxfrm_l.c contains the following lines:
/* Handle the pushed elements now. */
size_t backw;
for (backw = idxcnt - 1; backw >= backw_stop; --backw)
If backw_stop is 0. the end test never fails.
This never happens in practice because localedef is broken
(see BZ#645) and stores a single
order_start forward;forward;forward;forward,position
rule, and hence the backward directive is never processed.
But this bug arises when the patch sent to BZ#645 is applied.
--
Summary: Integer overflow in strxfrm_l.c
Product: glibc
Version: 2.3.5
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: barbier at linuxfr dot org
CC: glibc-bugs at sources dot redhat dot com
OtherBugsDependingO 645
nThis:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=968
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.