Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]

To: Ben Collins <bcollins@debian.org>
Cc: "Derek B. Noonburg" <derekn@foolabs.com>, 162917@bugs.debian.org
Subject: Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]
From: Hamish Moffatt <hamish@debian.org>
Date: Wed, 2 Oct 2002 20:01:44 +1000
Message-id: <[🔎] 20021002100144.GA26116@silly.cloud.net.au>
Reply-to: Hamish Moffatt <hamish@debian.org>, 162917@bugs.debian.org
In-reply-to: <[🔎] 20021001231332.GI23377@phunnypharm.org>
References: <20021001105558.GA15917@silly.cloud.net.au> <[🔎] 20021001225900.9373.qmail@foolabs.com> <[🔎] 20021001231332.GI23377@phunnypharm.org>

On Tue, Oct 01, 2002 at 07:13:32PM -0400, Ben Collins wrote:
> >     printf("%s", bogusPointer);
> 
> This is the exact same problem. The segfault you get in strftime is
> caused by -1 being used as an array position (foo[-1]).

So glibc chose an implementation which is not particularly safe.

> As I said, you got this problem by ignoring practical programming, which
> means checking return values.

True in this case, but it doesn't mean there isn't a more direct
approach to the same problem.


Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>

Reply to:

References:
- Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]
  - From: "Derek B. Noonburg" <derekn@foolabs.com>
- Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: catgets 'make check' failure
Next by Date: pthreads version needed
Previous by thread: Bug#162917: [bcollins@debian.org: Re: Bug#162917: libc6: strftime crashes with invalid input]
Next by thread: Re: Bug#163031: xterm: bug in deletion of multi-byte characters with unicode-xterm
Index(es):
- Date
- Thread