This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
dlerror references buffer passed to dlopen
- To: libc-alpha at sourceware dot cygnus dot com
- Subject: dlerror references buffer passed to dlopen
- From: lav at yars dot free dot net
- Date: Sun, 15 Oct 2000 13:07:00 +0400
>Submitter-Id: net
>Originator: Alexander V. Lukyanov
>Organization:
>Confidential: no
>Synopsis: dlerror references buffer passed to dlopen
>Severity: serious
>Priority: low
>Category: libc
>Class: sw-bug
>Release: libc-2.1.92
>Environment:
Host type: i686-redhat-linux-gnu
System: Linux long.yar.ru 2.2.17 #91 Sun Sep 24 14:06:30 MSD 2000 i686 unknown
Architecture: i686
Addons: c_stubs glibc-compat linuxthreads soft-fp
Build CFLAGS: -march=i686 -D__USE_STRING_INLINES -fstrict-aliasing -freorder-blocks -DNDEBUG=1 -g -O3
Build CC: gcc
Compiler version: 2.96 20000731 (experimental)
Kernel headers: 2.4.0-0.26
Symbol versioning: yes
Build static: yes
Build shared: yes
Build pic-default: no
Build profile: yes
Build omitfp: no
Build bounded: no
Build static-nss: no
Stdio: libio
>Description:
dlerror uses pointer to buffer passed to dlopen to construct error
message. At the time of dlerror calling the buffer may no longer
exist, be filled with garbage etc.
>How-To-Repeat:
#include <stdio.h>
#include <dlfcn.h>
int main()
{
char file[256]="no-such-file";
dlopen(file,RTLD_LAZY);
memset(file,'x',12);
printf("%s\n",dlerror());
return 0;
}
>Fix:
copy the file name to internal buffer