15380 – initstate() fails to return NULL if size < 8

Bug 15380 - initstate() fails to return NULL if size < 8

Summary: initstate() fails to return NULL if size < 8

Status:	RESOLVED FIXED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	2.17

Importance:	P2 normal
Target Milestone:	2.18
Assignee:	Andreas Jaeger

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-19 07:53 UTC by Michael Kerrisk
Modified:	2014-06-13 18:24 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
Test case (161 bytes, text/plain) 2013-04-19 07:55 UTC, Michael Kerrisk	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Kerrisk 2013-04-19 07:53:35 UTC

POSIX.1-2001 says:

    RETURN VALUE
       If initstate() is called with size less than 8, it shall return
       NULL.

glibc sets errno to EINVAL for this case, but does not return NULL, thus violating the standard.

Comment 1 Michael Kerrisk 2013-04-19 07:55:40 UTC

Created attachment 6990 [details]
Test case

Test case to demonstrate the bug

$ ./a.out
0x35b1fb00a0
errno=22

Comment 2 Andreas Jaeger 2013-04-29 19:04:38 UTC

Thanks, fixed for glibc 2.18 now.

commit 9ce3b2cbd245abedc6cff147a1b91566e340edb1
Author: Andreas Jaeger <aj@suse.de>
Date:   Mon Apr 29 21:02:16 2013 +0200