This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12846] swprintf memory leak on long strings


http://sourceware.org/bugzilla/show_bug.cgi?id=12846

--- Comment #3 from Andrei Kopats <hlamer at tut dot by> 2012-01-07 17:44:29 UTC ---
Oops, it seems I forgot to attach the file.

I tried to write the exploit again, but cannot reproduce the
bug now on Ubuntu 11.10 :-(
If I remember correctly, swprintf leaked memory if the string size was more
than 2048.
The bug is not reproduced because I am now doing something in a different way, or
because it has been fixed. You could just check the sources for the magic
number 2048.


Here is my newly written exploit, which does not work on Ubuntu 11.10:


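#include <stdio.h>
#include <wchar.h>

#define CRITICAL_BUFFER_SIZE (2048 + 1)

int main(int argc, char** argv)
{
    int i;

    wchar_t buffer [CRITICAL_BUFFER_SIZE];
    wchar_t srcBuffer [CRITICAL_BUFFER_SIZE];

    /* Fill the source with 2048 wide 'a' characters and terminate it. */
    for (i = 0; i < CRITICAL_BUFFER_SIZE - 1; i++)
        srcBuffer[i] = L'a';
    srcBuffer[CRITICAL_BUFFER_SIZE - 1] = L'\0';

    /* swprintf takes the destination size in wide characters, not bytes,
       and a wchar_t* argument needs %ls rather than %s. */
    for (i = 0; i < (64 * 1024 * 1024); i++)
        swprintf(buffer, CRITICAL_BUFFER_SIZE, L"%ls", srcBuffer);

    printf("OK, now check, how much memory have I eaten and press Enter\n");

    getchar();

    return 0;
}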

On Wed, Jan 4, 2012 at 11:01 PM, aj at suse dot de <
sourceware-bugzilla@sourceware.org> wrote:

> http://sourceware.org/bugzilla/show_bug.cgi?id=12846
>
> Andreas Jaeger <aj at suse dot de> changed:
>
>           What    |Removed                     |Added
>
> ----------------------------------------------------------------------------
>                 CC|                            |aj at suse dot de
>
> --- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-01-04 20:01:52
> UTC ---
> Andrei, could you add the test case, please?
>
> --
> Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
> ------- You are receiving this mail because: -------
> You reported the bug.
>

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

