This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch] Fix for heap overflow in wscanf (BZ 16618)

On Tue, Feb 03, 2015 at 04:11:56PM -0800, Paul Eggert wrote:
> Carlos O'Donell wrote:
> >I'd read the POSIX wording differently.
> Although Rich's interpretation is correct for current POSIX, thanks
> to Eric Blake the next release of POSIX (Issue 8) is planned to
> change this, and to require 'free' to leave errno alone, which as I
> understand it is your preferred interpretation.  Please see:
> Because of this, glibc 'free' should not set errno if the user
> invokes 'free' in a conforming way.  Setting errno will be a
> conformance bug once Issue 8 comes out, and glibc should be fixed to
> conform well before that.  Also, the glibc documentation should be
> changed to discuss this issue.  I have filed a glibc bug report to
> that effect, here:

Interesting. Unfortunately this makes it impossible for the
application to observe the "valid memory was unable to be freed"
condition that occurs when you can't split a vma. Formally, the memory
is still freed anyway, so it hardly matters, but it indicates a
critical situation where things are about to blow up for the
application (malloc no longer working, etc.) so conceivably an
application could want to detect and respond to the condition.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]