This is the mail archive of the mailing list for the glibc project.


Re: [PATCH v2] vfprintf stack overflow [BZ #16617]

On 12/15/2014 11:25 AM, Allan McRae wrote:
On 12/12/14 20:07, Florian Weimer wrote:
On 12/08/2014 04:59 PM, Florian Weimer wrote:
On 12/08/2014 04:41 PM, Joseph Myers wrote:
On Mon, 8 Dec 2014, Florian Weimer wrote:

+        specs = malloc (nspecs_size);
+        if (specs == NULL)
+          {
+            __set_errno (ENOMEM);
+            done = -1;
+            goto all_done;
+          }
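Review bot: the allocation-failure branch overwrites `specs` with NULL before jumping to `all_done`, so if the previous `specs` buffer was itself heap-allocated, the cleanup path at `all_done` can no longer see it and it leaks. Keep the old pointer reachable for the existing free path, for example by assigning `specs = old;` (or whatever name holds the previous buffer) before `goto all_done;`, so that the error return still releases it.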

It looks to me like this will leak the previous copy of specs on
allocation failure, if the previous value was also malloced (so you need
"specs = old;" or similar here to get the return path to free it if

Ugh, thanks, I've made that change.  Anything else?

FYI, I plan to commit this on Monday so that this doesn't fall through
the cracks again.

Are you going to backport this to release branches?

What's the procedure there?

I'm sure it's documented somewhere in the wiki, but could you add pointers in the appropriate places, such as:

Florian Weimer / Red Hat Product Security
