This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug string/24762] New: strchrnul returns invalid pointer
- From: "facerihiso at fast-email dot info" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 04 Jul 2019 03:12:21 +0000
- Subject: [Bug string/24762] New: strchrnul returns invalid pointer
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=24762
Bug ID: 24762
Summary: strchrnul returns invalid pointer
Product: glibc
Version: 2.27
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: string
Assignee: unassigned at sourceware dot org
Reporter: facerihiso@fast-email.info
Target Milestone: ---
Created attachment 11881
--> https://sourceware.org/bugzilla/attachment.cgi?id=11881&action=edit
Minimal example of bug
strchrnul appears to return a pointer to memory outside of the program's
address space and returns a pointer different than the one returned by strchr
when the expected results would be identical, i.e., when the character exists
in the string.
This can be reproduced using the attached sample program:
gcc strchrnul_bug_example.c
./a.out
Output has varied, but normally looks something like this:
0x7fffccbe481993, 0x7fffbe481993
0x7fffbe481993, 0xffffffffbe481993
Segmentation fault (core dumped)
or alternatively something like:
0x7ffc01730ae3, 0x7ffc01730ae3
0x7ffc01730ae3, 0x1730ae3
Segmentation fault (core dumped)
It would be expected that all four pointers displayed are identical because the
desired character is present at the beginning of the string, but this is not
the case. As a result, any assignment to this invalid pointer returned by
strchrnul results in a segmentation fault.
Occurs on CentOS 7 and Ubuntu 18.04.
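In both quoted outputs, the second value on the last line is the low 32 bits of the first, sign-extended. That is the pattern a 64-bit pointer takes when it is returned through an `int`, which is what C does when a function is called with no prototype in scope. The block below is an added example (not the reporter's attachment, which is not shown on this page, and not glibc code) that reproduces the arithmetic on the two quoted values and calls strchrnul with its prototype visible. That the attached program lacked the declaration is an assumption; `through_int` and the other helper names are hypothetical.

```c
/* Usual fix: define _GNU_SOURCE before the first #include of any libc header,
 * because strchrnul is a GNU extension that <string.h> hides otherwise. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same prototype <string.h> provides under _GNU_SOURCE; repeated so it stays
 * visible even if this file is pasted below other #include lines. */
char *strchrnul(const char *s, int c);

/* Model of a 64-bit pointer value returned through a 32-bit int:
 * only the low 32 bits survive, and widening back sign-extends. */
static uint64_t through_int(uint64_t ptr_bits)
{
    int32_t narrowed = (int32_t)(uint32_t)ptr_bits;  /* keep low 32 bits */
    return (uint64_t)(int64_t)narrowed;              /* sign-extend to 64 */
}

/* With the prototype visible, strchrnul and strchr agree whenever the
 * character is present. Returns 1 if they agree. */
static int agree_when_present(const char *s, int c)
{
    return strchrnul(s, c) == strchr(s, c);
}

/* When the character is absent, strchrnul points at the terminating NUL
 * where strchr returns NULL. Returns 1 if that holds. */
static int terminator_when_absent(const char *s, int c)
{
    return strchr(s, c) == NULL && strchrnul(s, c) == s + strlen(s);
}

int main(void)
{
    /* First value of the last output line in each sample from the report. */
    const uint64_t seen[] = { 0x7fffbe481993ULL, 0x7ffc01730ae3ULL };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("%#llx -> %#llx\n", (unsigned long long)seen[i],
               (unsigned long long)through_int(seen[i]));

    char buf[] = "a=b";  /* constructed sample string */
    printf("agree: %d, terminator: %d\n",
           agree_when_present(buf, 'a'), terminator_when_absent(buf, 'z'));
    return 0;
}
```

Building with `-Wall -Werror=implicit-function-declaration` turns a call with no prototype in scope into a compile error instead of a truncated pointer at run time.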