This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Jeff Law <law at redhat dot com>
- Date: Mon, 8 Dec 2014 15:41:07 +0000
- Subject: Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- Authentication-results: sourceware.org; auth=none
- References: <5481E0BD dot 9000203 at redhat dot com> <5485A63E dot 8000607 at redhat dot com>
On Mon, 8 Dec 2014, Florian Weimer wrote:
> + specs = malloc (nspecs_size);
> + if (specs == NULL)
> + {
> + __set_errno (ENOMEM);
> + done = -1;
> + goto all_done;
> + }
It looks to me like this will leak the previous copy of specs on
allocation failure, if the previous value was also malloced (so you need
"specs = old;" or similar here to get the return path to free it if
appropriate).
--
Joseph S. Myers
joseph@codesourcery.com