This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/17746] tilegx32: strstr can miss the end of the string
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 29 Jan 2015 14:43:52 +0000
- Subject: [Bug libc/17746] tilegx32: strstr can miss the end of the string
- Auto-submitted: auto-generated
- References: <bug-17746-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17746
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|security? |security+
--- Comment #5 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Chris Metcalf from comment #4)
> (In reply to Florian Weimer from comment #3)
> > Can you clarify the impact of the bug? Just one results from strstr, or a
> > crash due to reading past the end of the string, or â?
>
> If the "haystack" is near the end of allocated memory, the strstr() can miss
> the end of the string and cause a SEGV. Otherwise, strstr() will run on
> until it finds either a match to the needle, or a NUL byte with address p,
> where (p & 4) == 0, i.e. it ignores half of the possible NUL bytes.
Thanks, based on this information, I flag this as âsecurityâ because it could
leak information (by returning a string outside the original haystack), or
crash. Feel free to remove the flag if you disagree.
--
You are receiving this mail because:
You are on the CC list for the bug.