Bug#32838: libc6: setlocale() accesses memory out of bounds
Package: libc6
Version: 2.0.7t-1
According to efence (2.0.5-4), setlocale() will access memory out of
bounds. This has been reproduced on a slink system with
libc6_2.0.7u-7.1 installed.
To reproduce the problem, compile the following program with
-lefence:
------------------------------
#include <locale.h>

int main (int argc, char *argv[])
{
  setlocale (LC_ALL, "");
  setlocale (LC_CTYPE, "");
  return 0;
}
------------------------------
Set EF_PROTECT_FREE=1 and run the program. You'll get a segfault
somewhere inside setlocale().
Environment settings:
[roessler@sobolev mutt-unstable]$ env | grep L[CA]
...
LC_CTYPE=iso_8859_1
LC_COLLATE=de_DE
iso_8859_1 is defined as de_DE.ISO-8859-1 in
/usr/share/locale/locale.alias.
tlr
-- System Information
Debian Release: 2.0
Kernel Version: Linux sobolev 2.2.1 #17 Thu Jan 28 23:48:24 MET 1999 i586 unknown
Versions of the packages libc6 depends on:
ii ldso 1.9.9-1 The Linux dynamic linker, library and utilit
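
A regression harness for the reproducer above, as an added example that is not part of the original report: it runs the two setlocale() calls in a child process with the reported LC_CTYPE and LC_COLLATE values and classifies how the child ended. The helper name `run_setlocale_repro` is hypothetical, and unsetting LC_ALL is an assumption (the report elides the rest of the environment).

```c
#define _POSIX_C_SOURCE 200112L
#include <locale.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the report). Returns 0 if the child exits
 * cleanly, the signal number (e.g. SIGSEGV) if it was killed, -1 on error. */
int run_setlocale_repro(const char *lc_ctype, const char *lc_collate)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Assumption: LC_ALL is unset so the per-category variables apply. */
        unsetenv("LC_ALL");
        setenv("LC_CTYPE", lc_ctype, 1);
        setenv("LC_COLLATE", lc_collate, 1);
        /* Same call sequence as the report's test program. */
        setlocale(LC_ALL, "");
        setlocale(LC_CTYPE, "");
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);   /* a fault lands here, in the parent */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Values taken from the report's "Environment settings". */
    int rc = run_setlocale_repro("iso_8859_1", "de_DE");

    if (rc == 0)
        puts("clean exit: no fault in setlocale()");
    else if (rc > 0)
        printf("child killed by signal %d%s\n", rc,
               rc == SIGSEGV ? " (SIGSEGV)" : "");
    else
        puts("harness error");
    return rc == 0 ? 0 : 1;
}
```

As in the report, link with -lefence and set EF_PROTECT_FREE=1 in the environment before starting the harness, so that the allocator picks the setting up before the fork.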