This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Extend tst-{atexit,at_quick_exit,cxa_atexit,onexit} to verify minimum number of supported handlers


On Fri, Sep 1, 2017 at 11:03 AM, H.J. Lu <hjl.tools@gmail.com> wrote:

> It failed on Linux/i686:

The "crumbs" buffer was not sized correctly, and I had a global buffer overflow:

==71453==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006023c0 at pc 0x000000400e84 bp 0x7ffe059dc370 sp 0x7ffe059dc368
WRITE of size 1 at 0x0000006023c0 thread T0
    #0 0x400e83 in fn1 ../stdlib/tst-atexit-common.c:53
    #1 0x7ff8af2da1a8  (/lib/x86_64-linux-gnu/libc.so.6+0x3c1a8)
    #2 0x7ff8af2da1f4 in exit (/lib/x86_64-linux-gnu/libc.so.6+0x3c1f4)
    #3 0x400bf5 in do_test ../stdlib/tst-atexit-common.c:140
    #4 0x400bf5 in main ../stdlib/tst-atexit-common.c:143
    #5 0x7ff8af2bff44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #6 0x400d39  (/glibc-git/stdlib/a.out+0x400d39)

0x0000006023c0 is located 0 bytes to the right of global variable 'crumbs' defined in '../stdlib/tst-atexit-common.c:33:13' (0x6023a0) of size 32

Sorry about that. Committed attached fix.




-- 
Paul Pluzhnikov

Attachment: glibc-atexit-max-20170901.txt
Description: Text document
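
Added illustration, not part of the message above and not the contents of tst-atexit-common.c or of the attached fix: a marker buffer written by exit handlers, sized from the handler count and appended to through a bounds check. Only the name `crumbs` comes from the ASan report; the handler count, sizes and helper names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed demo; sizes and names other than `crumbs` are assumptions. */
#define HANDLERS 32                     /* exit handlers that each leave one marker */
#define CRUMBS_SIZE (HANDLERS + 1)      /* one byte per marker plus the NUL */

static char crumbs[CRUMBS_SIZE];
static size_t next_slot;

/* Fails the build if the handler count grows and the buffer does not. */
_Static_assert(sizeof crumbs >= HANDLERS + 1, "crumbs too small for HANDLERS");

/* Append one marker. Returns 0 on success, -1 if the buffer is full. */
int crumb_add(char c)
{
    if (next_slot >= sizeof crumbs - 1)
        return -1;                      /* refuse rather than write past the end */
    crumbs[next_slot++] = c;
    crumbs[next_slot] = '\0';
    return 0;
}

/* Exit handler: record that it ran; report once the last one has run. */
static void handler(void)
{
    if (crumb_add('x') != 0)
        _Exit(1);                       /* more markers than the buffer was sized for */
    if (next_slot == HANDLERS)
        printf("%zu handlers ran: %s\n", next_slot, crumbs);
}

/* Register HANDLERS copies of handler(); returns how many atexit() accepted. */
int register_handlers(void)
{
    int n = 0;
    while (n < HANDLERS && atexit(handler) == 0)
        n++;
    return n;
}

int main(void)
{
    return register_handlers() == HANDLERS ? 0 : 1;
}
```

With `CRUMBS_SIZE` set to 32 and the bounds check removed, the terminating NUL lands at `crumbs[32]`, and a build with `-fsanitize=address` reports a one-byte global-buffer-overflow write 0 bytes to the right of a 32-byte `crumbs`, the same kind of report as the one quoted above.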

