This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nscd/16185] nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- From: "nbthang_bk at yahoo dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 20 Nov 2013 16:13:51 +0000
- Subject: [Bug nscd/16185] nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- Auto-submitted: auto-generated
- References: <bug-16185-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16185
--- Comment #4 from bathang <nbthang_bk at yahoo dot com> ---
In the following piece of code in pwdcache.c:

    const size_t buf_len = 3 * sizeof (pwd->pw_uid) + key_len + 1;
    char *buf = alloca (buf_len);
    ssize_t n;

    /* We need this to insert the `byuid' entry. */
    int key_offset;
    n = snprintf (buf, buf_len, "%d%c%n%s", pwd->pw_uid, '\0',
                  &key_offset, (char *) key) + 1;

If there's a large dataset (pwd), the buf length can become very large and
alloca tries to allocate this buffer on the function stack. Later, snprintf tries
to write the string value to the buffer, which is allocated outside of the stack. So I think
we'll then get this error: ".. in writable segment detected".
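Added example, not part of the comment above and not glibc's code: one way to keep a scratch buffer whose size depends on key_len from landing on the stack when it is large. STACK_BUF_MAX, format_byuid and build_byuid_record are hypothetical names, key_len is assumed to exclude the terminating NUL, and the key offset is taken from snprintf's return value instead of %n.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Assumed cap on stack allocations for this example; not a glibc constant. */
#define STACK_BUF_MAX 4096

/* Write "<uid>\0<key>\0" into buf; *key_offset is where the key starts.
   Returns bytes written (both NULs included) or -1 if it does not fit. */
static ssize_t format_byuid (char *buf, size_t buf_len, uid_t uid,
                             const char *key, size_t key_len, int *key_offset)
{
  int n = snprintf (buf, buf_len, "%d", (int) uid);
  if (n < 0 || (size_t) n + 1 + key_len + 1 > buf_len)
    return -1;
  *key_offset = n + 1;
  memcpy (buf + *key_offset, key, key_len);
  buf[(size_t) *key_offset + key_len] = '\0';
  return (ssize_t) ((size_t) *key_offset + key_len + 1);
}

/* Scratch buffer on the stack only when small; key_len excludes the NUL. */
ssize_t build_byuid_record (uid_t uid, const char *key, size_t key_len,
                            int *key_offset, int *used_heap)
{
  const size_t fixed = 3 * sizeof (uid) + 1;
  if (key_len > SIZE_MAX - fixed)
    return -1;                          /* size computation would wrap */
  const size_t buf_len = fixed + key_len;
  *used_heap = buf_len > STACK_BUF_MAX;
  char *buf = *used_heap ? malloc (buf_len) : alloca (buf_len);
  if (buf == NULL)
    return -1;                          /* heap allocation failed */
  ssize_t n = format_byuid (buf, buf_len, uid, key, key_len, key_offset);
  if (n > 0 && strlen (buf + *key_offset) != key_len)
    n = -1;                             /* layout check before buf goes away */
  if (*used_heap)
    free (buf);
  return n;
}

int main (void)
{
  int off, heap;
  printf ("len=%zd\n", build_byuid_record (1000, "alice", 5, &off, &heap));
  return 0;
}
```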