This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug string/24762] New: strchrnul returns invalid pointer


https://sourceware.org/bugzilla/show_bug.cgi?id=24762

            Bug ID: 24762
           Summary: strchrnul returns invalid pointer
           Product: glibc
           Version: 2.27
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: string
          Assignee: unassigned at sourceware dot org
          Reporter: facerihiso@fast-email.info
  Target Milestone: ---

Created attachment 11881
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11881&action=edit
Minimal example of bug

strchrnul appears to return a pointer to memory outside of the program's
address space and returns a pointer different from the one returned by strchr
when the expected results would be identical, i.e., when the character exists
in the string.

This can be reproduced using the attached sample program:
gcc strchrnul_bug_example.c 
./a.out

Output has varied, but normally looks something like this:
0x7fffccbe481993, 0x7fffbe481993
0x7fffbe481993, 0xffffffffbe481993
Segmentation fault (core dumped)

or alternatively something like:
0x7ffc01730ae3, 0x7ffc01730ae3
0x7ffc01730ae3, 0x1730ae3
Segmentation fault (core dumped)

It would be expected that all four pointers displayed are identical because the
desired character is present at the beginning of the string, but this is not
the case.  As a result, any assignment to this invalid pointer returned by
strchrnul results in a segmentation fault.

Occurs on CentOS 7 and Ubuntu 18.04.
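As an added example (not the reporter's attachment and not glibc code), a self-contained C program that calls strchrnul with its prototype visible and checks it against strchr and against the string bounds. In each output above, the second line keeps only the low 32 bits of the first pointer (zero- or sign-extended), which is what a pointer result looks like after passing through C's implicit int return type when a function is called without a prototype; the report does not say whether that is the cause, so the program also shows that arithmetic separately.

```c
/* Must precede every #include: it exposes the strchrnul prototype in <string.h>
 * (strchrnul is a GNU extension). */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Explicit prototype as a belt-and-braces measure, compatible with glibc's own. */
char *strchrnul(const char *s, int c);

/* Return 1 when c is present in s, strchrnul and strchr return the same
 * pointer, and that pointer lies inside [s, s + strlen(s)]. */
int strchrnul_matches_strchr(const char *s, int c)
{
    const char *a = strchrnul(s, c);
    const char *b = strchr(s, c);
    if (b == NULL || a != b)
        return 0;
    return a >= s && a <= s + strlen(s);
}

/* Return 1 when c is absent: strchr yields NULL and strchrnul yields a
 * pointer to the terminating NUL, as documented. */
int strchrnul_absent_points_to_nul(const char *s, int c)
{
    const char *a = strchrnul(s, c);
    return strchr(s, c) == NULL && a == s + strlen(s) && *a == '\0';
}

/* Arithmetic behind the "second line" pattern: a 64-bit pointer value forced
 * through a 32-bit int loses its upper half and is then sign-extended. */
uint64_t truncate_through_int(uint64_t p)
{
    int through_int = (int)(uint32_t)p;     /* only the low 32 bits survive */
    return (uint64_t)(int64_t)through_int;  /* sign-extended back to 64 bits */
}

int main(void)
{
    const char s[] = "abc";  /* constructed input; 'a' is at the start */
    printf("%p, %p\n", (void *)strchrnul(s, 'a'), (void *)strchr(s, 'a'));
    printf("%s\n", strchrnul_matches_strchr(s, 'a') ? "match" : "MISMATCH");
    printf("%#llx\n", (unsigned long long)truncate_through_int(0x7fffbe481993ULL));
    return 0;
}
```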
