[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug in joe, or libc6?


more on the joe bug:

>>These are the last lines of an strace:
>>sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}) = 0
>>sigaction(SIGPIPE, {SIG_DFL}, {SIG_IGN}) = 0
>>--- SIGSEGV (Segmentation fault) ---
>>+++ killed by SIGSEGV +++
>I've got the source and tracked that to probably nclose() in tty.c. Other
>places where ttclose() or signrm() get called are also in the shell escape
>stuff which works without coredump. 

This bug sure looks ugly - it segfaults in vs.c:vsrm() on a string that's 
apparently never been malloced by vsmk(). Is that a new libc6 thing? 

The difference to the 'short path name' case: all pointers in the vs module
stay valid there. So I guess it's overwriting a pointer to a vs string 

Moral: it's not affecting libc, just a stupid buffer overwrite bug.


To UNSUBSCRIBE, email to debian-68k-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: