Re: Bug in joe, or libc6?
Hi,
more on the joe bug:
>>These are the last lines of an strace:
>>
>>sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}) = 0
>>sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}) = 0
>>--- SIGSEGV (Segmentation fault) ---
>>+++ killed by SIGSEGV +++
>
>I've got the source and tracked that to probably nclose() in tty.c. Other
>places where ttclose() or signrm() get called are also in the shell escape
>stuff which works without coredump.
This bug sure looks ugly - it segfaults in vs.c:vsrm() on a string that's
apparently never been malloced by vsmk(). Is that a new libc6 thing?
The difference from the 'short path name' case: all pointers in the vs module
stay valid there. So I guess it's overwriting a pointer to a vs string
someplace.
Moral: it's not affecting libc, just a stupid buffer overwrite bug.
Michael
--
To UNSUBSCRIBE, email to debian-68k-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
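The failure mode Michael describes (an overrun of a fixed-size buffer clobbering a neighbouring pointer to a vs string, which vsrm() then hands to free()) is shown below as an added example. It is not code from joe or from this thread: the names vsmk and vsrm are borrowed from the post, but their internals, the registry of live strings, and the tty_state struct layout are all assumptions for the demonstration. The bounded-copy variant beside the unchecked one is the fix a reviewer would ask for.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 64
/* Registry of every string vsmk() has handed out and not yet freed.
   Assumed debug aid for this example; joe's real vs module is not known
   to keep such a table. */
static char *live[MAX_LIVE];

/* vsmk(): allocate a tracked copy of init. */
char *vsmk(const char *init)
{
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) {
            size_t n = strlen(init) + 1;
            char *s = malloc(n);
            if (s == NULL)
                return NULL;
            memcpy(s, init, n);
            live[i] = s;
            return s;
        }
    }
    return NULL;
}

/* vsrm(): free s only if vsmk() produced it. Returns 0 on success and -1
   for a pointer that was never registered, which is exactly what a
   clobbered pointer looks like; plain free() would crash on it. */
int vsrm(char *s)
{
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == s) {
            free(s);
            live[i] = NULL;
            return 0;
        }
    }
    fprintf(stderr, "vsrm: %p never came from vsmk, refusing to free\n", (void *)s);
    return -1;
}

/* Hypothetical layout: a fixed path buffer immediately followed by a vs
   pointer, so an overrun of path lands on name. */
struct tty_state {
    char path[16];
    char *name;       /* vs string */
    char spare[8];    /* keeps the demo's overrun inside the object */
};

/* Unchecked copy, the bug pattern: nothing stops it at the end of path.
   dst is a char * into the whole struct, so bytes that spill past path
   are written straight into the neighbouring field. */
static void copy_unchecked(char *dst, const char *src)
{
    while (*src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded copy: refuse anything that would not fit, leaving dst untouched. */
static int copy_checked(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Store path into a tty_state, then release its name string.
   Returns vsrm()'s result: 0 if the name pointer survived, -1 if the
   copy overwrote it. */
int scenario(const char *path, int checked)
{
    struct tty_state st;
    memset(&st, 0, sizeof st);
    st.name = vsmk("tty");
    if (st.name == NULL)
        return -2;
    char *dst = (char *)&st + offsetof(struct tty_state, path);
    if (checked)
        (void)copy_checked(dst, sizeof st.path, path); /* too long: rejected, name intact */
    else
        copy_unchecked(dst, path);
    return vsrm(st.name);
}

int main(void)
{
    const char *short_path = "/dev/tty1";            /* constructed, fits in path */
    const char *long_path = "/very/long/path/name";  /* constructed, 20 bytes, overruns path */
    printf("short, unchecked: %d\n", scenario(short_path, 0));
    printf("long,  unchecked: %d\n", scenario(long_path, 0));
    printf("long,  checked:   %d\n", scenario(long_path, 1));
    return 0;
}
```

With the short path both copies behave; with the 20-byte path the unchecked copy writes four bytes plus the terminator into name, and vsrm() sees a pointer it never issued. The registry turns the "free of a string never malloced by vsmk()" symptom into a diagnostic instead of a SIGSEGV, which is a cheap way to localise this class of bug while hunting for the overrun.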