This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12846] swprintf memory leak on long strings
- From: "hlamer at tut dot by" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sat, 07 Jan 2012 17:44:29 +0000
- Subject: [Bug libc/12846] swprintf memory leak on long strings
- Auto-submitted: auto-generated
- References: <bug-12846-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12846
--- Comment #3 from Andrei Kopats <hlamer at tut dot by> 2012-01-07 17:44:29 UTC ---
Oops, it seems I forgot to attach the file.
I tried to write the exploit again, but I cannot reproduce the
bug now on Ubuntu 11.10 :-(
If I remember correctly, swprintf leaked memory if the string size was more
than 2048.
The bug is not reproduced either because I am now doing something in a
different way, or because it has been fixed. You could just check the sources
for the magic number 2048.
Here is my newly written exploit, which does not work on Ubuntu 11.10:
#include <stdio.h>
#include <wchar.h>

#define CRITICAL_BUFFER_SIZE (2048 + 1)

int main(int argc, char** argv)
{
    int i;
    wchar_t buffer [CRITICAL_BUFFER_SIZE];
    wchar_t srcBuffer [CRITICAL_BUFFER_SIZE];

    for (i = 0; i < CRITICAL_BUFFER_SIZE; i++)
        srcBuffer[i] = 'a';

    for (i = 0; i < (64 * 1024 * 1024); i++)
        swprintf(buffer, sizeof(buffer), L"%s", srcBuffer);

    printf("OK, now check, how much memory have I eatten and press Enter\n");
    getchar();
    return 0;
}
On Wed, Jan 4, 2012 at 11:01 PM, aj at suse dot de <
sourceware-bugzilla@sourceware.org> wrote:
> http://sourceware.org/bugzilla/show_bug.cgi?id=12846
>
> Andreas Jaeger <aj at suse dot de> changed:
>
> What |Removed |Added
>
> ----------------------------------------------------------------------------
> CC| |aj at suse dot de
>
> --- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-01-04 20:01:52
> UTC ---
> Andrei, could you add the test case, please?
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
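
A self-checking leak test for the behaviour this report describes, as an added example that is not part of the original mail or of glibc's test suite. It passes the destination size in wide characters, formats a NUL-terminated wide string of 2049 characters with %ls, and measures peak RSS growth instead of relying on a manual check; the function names, the 20000-iteration count, the 16 MiB threshold and the Linux KiB unit for ru_maxrss are assumptions.

```c
#include <stdio.h>
#include <wchar.h>
#include <sys/resource.h>

#define SRC_LEN 2049   /* one past the 2048 threshold named in the report */

/* Peak resident set size of this process, in KiB (Linux unit for ru_maxrss). */
static long peak_rss_kib(void)
{
    struct rusage ru;
    if (getrusage(RUSAGE_SELF, &ru) != 0)
        return -1;
    return ru.ru_maxrss;
}

/* Format a SRC_LEN-character wide string `iterations` times.
 * Returns the growth of peak RSS in KiB, or -1 if any call failed. */
long swprintf_rss_growth_kib(long iterations)
{
    static wchar_t src[SRC_LEN + 1];
    static wchar_t dst[SRC_LEN + 1];
    /* swprintf takes the destination size in wide characters, not bytes. */
    const size_t dst_count = sizeof(dst) / sizeof(dst[0]);
    long i, before, after;

    for (i = 0; i < SRC_LEN; i++)
        src[i] = L'a';
    src[SRC_LEN] = L'\0';

    /* Warm-up call so one-time allocations are not counted as a leak. */
    if (swprintf(dst, dst_count, L"%ls", src) != SRC_LEN)
        return -1;
    before = peak_rss_kib();
    for (i = 0; i < iterations; i++)
        if (swprintf(dst, dst_count, L"%ls", src) != SRC_LEN)
            return -1;
    after = peak_rss_kib();
    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void)
{
    long growth = swprintf_rss_growth_kib(20000);
    printf("peak RSS growth: %ld KiB\n", growth);
    /* A per-call leak of the ~8 KiB string would add roughly 160 MiB here. */
    return (growth >= 0 && growth < 16 * 1024) ? 0 : 1;
}
```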