This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Allan McRae <allan at archlinux dot org>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 15 Dec 2014 11:37:08 +0100
- Subject: Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
On 12/15/2014 11:25 AM, Allan McRae wrote:
On 12/12/14 20:07, Florian Weimer wrote:
On 12/08/2014 04:59 PM, Florian Weimer wrote:
On 12/08/2014 04:41 PM, Joseph Myers wrote:
On Mon, 8 Dec 2014, Florian Weimer wrote:
+ specs = malloc (nspecs_size);
+ if (specs == NULL)
+ __set_errno (ENOMEM);
+ done = -1;
+ goto all_done;
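Review bot: as quoted here, the "if (specs == NULL)" test has no braces around its body, so only "__set_errno (ENOMEM);" is conditional, while "done = -1;" and "goto all_done;" would run even when malloc succeeds. The three statements of the error path need to sit in one braced block under the NULL check.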
It looks to me like this will leak the previous copy of specs on
allocation failure, if the previous value was also malloced (so you need
"specs = old;" or similar here to get the return path to free it if
Ugh, thanks, I've made that change. Anything else?
FYI, I plan to commit this on Monday so that this doesn't fall through
the cracks again.
Are you going to backport this to release branches?
What's the procedure there?
I'm sure it's documented somewhere in the wiki, but could you at
pointers in the appropriate places, such as:
Florian Weimer / Red Hat Product Security