This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/3662] New: Implementation bugs in random_r and friends

There are at least two implementation bugs in the random_r class of functions.

First, the random_data structure, being opaque, is typically just allocated on
the stack or malloc()ed.  There is no way to create a valid "this is not an old
state vector" structure without knowing the implementation details of the
structure.  If the compiler does not initialize the "state" member of the
structure to a value equal to the NULL pointer, the initstate_r() function will
crash as it dereferences whatever non-NULL but invalid value is held there.  We
need a method to create a blank random_data object, or the documentation has to
point out that the user is responsible for initializing the "state" member to NULL.

Second, initstate_r() and setstate_r() are documented in their comment blocks as
returning a pointer to the old state, but they do not.  There is no documented
way to retrieve the old state in a fashion that allows it to be re-introduced
into the system with setstate_r() at a later time.  As such, the setstate_r()
function is essentially unusable.

           Summary: Implementation bugs in random_r and friends
           Product: glibc
           Version: 2.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: glibcbugs0000 at cneufeld dot ca
                CC: glibc-bugs at sources dot redhat dot com

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]