This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug malloc/23907] New: Incorrect double-free malloc tcache check disregards tcache
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 22 Nov 2018 06:58:17 +0000
- Subject: [Bug malloc/23907] New: Incorrect double-free malloc tcache check disregards tcache
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23907
Bug ID: 23907
Summary: Incorrect double-free malloc tcache check disregards
tcache
Product: glibc
Version: 2.28
Status: NEW
Severity: normal
Priority: P2
Component: malloc
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
The double-free check in _int_free in commit
bcdaad21d4635931d1bd3b54a7894276925d081d ("malloc: tcache double free check")
does not verify that tc_idx is a valid tcache index, so it will read invalid
tcache entries, leading to caches.
The faulty patch was backported in to glibc 2.28, so we need to backport the
fix as well.
--
You are receiving this mail because:
You are on the CC list for the bug.