
Re: Bug in joe, or libc6?



Hi,

more on the joe bug:

>>These are the last lines of an strace:
>>
>>sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}) = 0
>>sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}) = 0
>>--- SIGSEGV (Segmentation fault) ---
>>+++ killed by SIGSEGV +++
>
>I've got the source and tracked that to probably nclose() in tty.c. Other
>places where ttclose() or signrm() get called are also in the shell escape
>stuff which works without a core dump.

This bug sure looks ugly - it segfaults in vs.c:vsrm() on a string that's 
apparently never been malloced by vsmk(). Is that a new libc6 thing? 

The difference from the 'short path name' case: all pointers in the vs module
stay valid there. So I guess it's overwriting a pointer to a vs string
someplace.

Moral: it's not affecting libc, just a stupid buffer overwrite bug.

	Michael
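One sanity check a vs-style string module could carry so that a stray pointer reaching vsrm() is rejected instead of crashing in free(), as an added example in C rather than joe's own code: the header layout and the vsmk()/vsrm() bodies below are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical vs-style string: a small header sits just before the
 * characters and the public pointer points at the characters. This layout
 * is an assumption for the demo, not joe's real vs.c layout. */
#define VS_MAGIC 0x564D4B00u
struct vs_hdr {
    uint32_t magic;   /* marks memory that vsmk() handed out */
    size_t   len;     /* string length without the terminator */
};

static struct vs_hdr *vs_hdr_of(char *s) { return (struct vs_hdr *)s - 1; }

/* Allocate a tagged string holding a copy of src; NULL on allocation failure. */
char *vsmk(const char *src) {
    size_t len = strlen(src);
    struct vs_hdr *h = malloc(sizeof *h + len + 1);
    if (!h) return NULL;
    h->magic = VS_MAGIC;
    h->len = len;
    memcpy(h + 1, src, len + 1);
    return (char *)(h + 1);
}

/* 1 if s carries an intact vsmk() header, 0 otherwise. */
int vs_valid(char *s) { return s != NULL && vs_hdr_of(s)->magic == VS_MAGIC; }

/* Release a vs string. Returns 1 on success; returns 0 and frees nothing when
 * the pointer is not a vs string, instead of handing it to free(). */
int vsrm(char *s) {
    if (!vs_valid(s)) return 0;
    vs_hdr_of(s)->magic = 0;     /* header is dead from here on */
    free(vs_hdr_of(s));
    return 1;
}

/* Reproduce the suspected failure mode: the pointer reaching vsrm() points at
 * plain memory that vsmk() never produced. Returns vsrm()'s verdict. */
int demo_stray_pointer(void) {
    char *plain = calloc(64, 1);             /* constructed: not a vs string */
    if (!plain) return -1;
    char *s = plain + sizeof(struct vs_hdr); /* header bytes above it are zero */
    strcpy(s, "never from vsmk");
    int rc = vsrm(s);
    free(plain);
    return rc;                               /* 0: rejected instead of crashing */
}
```

The check only catches pointers into readable memory with a wrong header; a pointer overwritten with arbitrary bytes still has to be caught earlier, by bounds-checking the copy that clobbered it.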

