
Bug#456240: libc6 2.7-3 vfscanf() illegal free()



Kalle A. Sandstr"om wrote:
> Package: libc6
> Version: 2.7-4
> 
> libc6 as found in testing and in unstable (versions 2.7-3 and 2.7-4
> respectively) have a bug in the vfscanf() implementation, found in the file
> glibc-2.7/stdio-common/vfscanf.c . The bug causes a pointer originally
> procured from alloca() to be passed to free(), resulting in a predictable
> kaboom.
> 
> The GNU libc development team has since fixed this bug, according to the CVS
> browser view at [1]; note revision 1.128 in particular.
> 
> This issue turned up while trying to use genext2fs after a libc6 upgrade
> from testing. The genext2fs package has an apparently related FTBFS bug
> logged on it right now.
> 
> I would characterize this bug as critical: it causes previously working
> programs to crash through no fault of their own, and might be speculated to
> affect any program that took the easy route with configuration parsing by
> feeding input lines to sscanf(), much as genext2fs does.
> 

Already reported, already fixed in SVN.


-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net
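The bug class reported in this thread (storage that comes from alloca() reaching free()) and the ownership flag that prevents it, shown here as an added example; it is not glibc's vfscanf() code and not part of either message. It assumes a scratch buffer that starts on the stack and moves to the heap when a token outgrows it; `struct scratch` and its helper names are hypothetical.

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical scratch buffer: starts in alloca() storage, may move to the heap. */
struct scratch {
    char  *data;
    size_t cap;
    int    on_heap;   /* 1 only when data came from malloc()/realloc() */
};

/* Grow to at least `need` bytes. The first growth copies out of the stack
 * block; passing that block to realloc() or free() is the reported bug class. */
static int scratch_grow(struct scratch *s, size_t need)
{
    size_t ncap = s->cap;
    while (ncap < need) ncap *= 2;
    char *p = s->on_heap ? realloc(s->data, ncap) : malloc(ncap);
    if (p == NULL) return -1;            /* old buffer is still valid */
    if (!s->on_heap) memcpy(p, s->data, s->cap);
    s->data = p; s->cap = ncap; s->on_heap = 1;
    return 0;
}

/* Release heap storage only; the alloca() block dies with the caller's frame. */
static void scratch_release(struct scratch *s)
{
    if (s->on_heap) free(s->data);
    s->data = NULL; s->cap = 0; s->on_heap = 0;
}

/* Copy the first whitespace-delimited token of `in` into scratch storage.
 * Returns its length (-1 on allocation failure); *used_heap reports growth. */
long first_token_len(const char *in, int *used_heap)
{
    struct scratch s = { alloca(16), 16, 0 };
    size_t n = 0;
    while (*in == ' ' || *in == '\t') in++;
    for (; *in && *in != ' ' && *in != '\t' && *in != '\n'; in++) {
        if (n + 1 >= s.cap && scratch_grow(&s, n + 2) != 0) {
            scratch_release(&s);
            return -1;
        }
        s.data[n++] = *in;
    }
    s.data[n] = '\0';
    *used_heap = s.on_heap;
    scratch_release(&s);
    return (long)n;
}
```

Building a test program around this with `-fsanitize=address` and removing the `on_heap` check in `scratch_release()` makes the sanitizer report the invalid free on the short-token path.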



