This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] libio: Free backup area when it not required (BZ#22415)
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org, Andreas Schwab <schwab at suse dot de>
- Date: Thu, 14 Dec 2017 13:36:24 -0200
- Subject: Re: [PATCH] libio: Free backup area when it not required (BZ#22415)
- Authentication-results: sourceware.org; auth=none
- References: <1511962793-14533-1-git-send-email-adhemerval.zanella@linaro.org> <2c2665b7-7cee-6616-f693-82bebf8fbc42@redhat.com>
On 14/12/2017 09:57, Florian Weimer wrote:
> On 11/29/2017 02:39 PM, Adhemerval Zanella wrote:
>> Some libio operations fail to correctly free the backup area (created
>> by_IO_{w}default_pbackfail on unget{w}c) resulting in either invalid
>> buffer free operations or memory leaks.
>>
>> For instance, on the example provided by BZ#22415 a following
>> fputc after a fseek to rewind the stream issues an invalid free on
>> the buffer.
>
> Do we have to treat this as a security bug? I don't think so, but I'd still like a second opinion.
>
> Thanks,
> Florian
I am not well versed in exploit crafting, so how do we usually handle
invalid free on user provided buffers?