This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/14404] New: strtod causes invalid memory access on certain inputs
- From: "charles at hailoo dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 25 Jul 2012 19:37:16 +0000
- Subject: [Bug libc/14404] New: strtod causes invalid memory access on certain inputs
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14404
Bug #: 14404
Summary: strtod causes invalid memory access on certain inputs
Product: glibc
Version: 2.16
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: charles@hailoo.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
The function strtod in GLIBC (implemented in stdlib/strtod_l.c) has a bug
when checking for "inf" or "nan" in strtod_l.c.
The issue causes Valgrind to report an invalid memory access. It can be
reproduced easily by simply trying to use strtod on a string that starts with
the letter "i" or "n":
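    #include <cstdlib>
    #include <cstring>
    int main() {
        char* s = static_cast<char*>(malloc(12));  /* C++ needs the cast from void* */
        memset(s, 0, 12);
        strcpy(s, "ichabod");                      /* starts with 'i' */
        double v = std::strtod(s, NULL);
    }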
This causes Valgrind to report:
==20062== Invalid read of size 8
==20062==    at 0x565A147: __GI___strncasecmp_l (strcmp.S:215)
==20062==    by 0x5610F5E: ____strtod_l_internal (strtod_l.c:577)
==20062==    by 0x404B43: main (test4.cc:310)
==20062==  Address 0x5971048 is 8 bytes inside a block of size 12 alloc'd
==20062==    at 0x4C28F9F: malloc (vg_replace_malloc.c:236)
==20062==    by 0x404B07: main (test4.cc:307)
The bug seems to have something to do with the use of the STRNCASECMP macro when
checking for "inf" and "nan".
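For comparison with the read Valgrind flags in the report above (8 bytes at offset 8 of a 12-byte block), the following is a byte-at-a-time "inf"/"nan" prefix check that stops at the first mismatch or at the terminating NUL. It is an added example, not glibc's code and not part of the original report; the helper name `has_keyword_prefix` and the sample strings other than "ichabod" are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not glibc code): case-insensitive test of whether s
 * begins with the lower-case keyword kw. It reads s one byte at a time and
 * stops at the first mismatch, which includes s's own NUL terminator.
 * *examined receives the number of bytes of s that were read. */
static int has_keyword_prefix(const char *s, const char *kw, size_t *examined)
{
    size_t i;
    for (i = 0; kw[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (tolower(c) != (unsigned char)kw[i]) {
            *examined = i + 1;      /* bytes 0..i of s were read */
            return 0;
        }
    }
    *examined = i;                  /* whole keyword matched */
    return 1;
}

int main(void)
{
    /* Constructed inputs; the first is the string from the report. */
    const char *inputs[] = { "ichabod", "INF", "nanometre", "n" };
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        char *s = calloc(12, 1);    /* same 12-byte block size as the report */
        if (s == NULL)
            return 1;
        strcpy(s, inputs[k]);
        size_t n_inf, n_nan;
        int is_inf = has_keyword_prefix(s, "inf", &n_inf);
        int is_nan = has_keyword_prefix(s, "nan", &n_nan);
        printf("%-10s inf=%d (%zu bytes read) nan=%d (%zu bytes read)\n",
               s, is_inf, n_inf, is_nan, n_nan);
        free(s);
    }
    return 0;
}
```

Run under Valgrind, every read made by this check falls within the first three bytes of the block, so it cannot touch offset 8 or beyond.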