This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] libio: Free backup area when it not required (BZ#22415)

From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
To: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org, Andreas Schwab <schwab at suse dot de>
Date: Thu, 14 Dec 2017 13:36:24 -0200
Subject: Re: [PATCH] libio: Free backup area when it not required (BZ#22415)
Authentication-results: sourceware.org; auth=none
References: <1511962793-14533-1-git-send-email-adhemerval.zanella@linaro.org> <2c2665b7-7cee-6616-f693-82bebf8fbc42@redhat.com>


On 14/12/2017 09:57, Florian Weimer wrote:
> On 11/29/2017 02:39 PM, Adhemerval Zanella wrote:
>> Some libio operations fail to correctly free the backup area (created
>> by_IO_{w}default_pbackfail on unget{w}c) resulting in either invalid
>> buffer free operations or memory leaks.
>>
>> For instance, on the example provided by BZ#22415 a following
>> fputc after a fseek to rewind the stream issues an invalid free on
>> the buffer.
> 
> Do we have to treat this as a security bug?  I don't think so, but I'd still like a second opinion.
> 
> Thanks,
> Florian

I am not well versed in exploit crafting, so how do we usually handle
invalid free on user provided buffers?

Follow-Ups:
- Re: [PATCH] libio: Free backup area when it not required (BZ#22415)
  - From: Florian Weimer

References:
- Re: [PATCH] libio: Free backup area when it not required (BZ#22415)
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]