Bug#456240: libc6 2.7-3 vfscanf() illegal free()
Kalle A. Sandström wrote:
> Package: libc6
> Version: 2.7-4
>
> libc6 as found in testing and in unstable (versions 2.7-3 and 2.7-4
> respectively) have a bug in the vfscanf() implementation, found in the file
> glibc-2.7/stdio-common/vfscanf.c . The bug causes a pointer originally
> procured from alloca() to be passed to free(), resulting in a predictable
> kaboom.
>
> The GNU libc development team has since fixed this bug, according to the CVS
> browser view at [1]; note revision 1.128 in particular.
>
> This issue turned up while trying to use genext2fs after a libc6 upgrade
> from testing. The genext2fs package has an apparently related FTBFS bug
> logged on it right now.
>
> I would characterize this bug as critical: it causes previously working
> programs to crash through no fault of their own, and might be speculated to
> affect any program that took the easy route with configuration parsing by
> feeding input lines to sscanf(), much as genext2fs does.
>
Already reported, already fixed in SVN.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
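
The bug class named in the report (memory obtained from alloca() reaching free()), shown as an added example that is neither glibc code nor part of the original messages: a token buffer that starts on the stack and moves to the heap when it grows, with an ownership flag deciding whether free() is legal. The names scratch, scratch_grow, token_length and STACK_LIMIT are hypothetical.

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>

#define STACK_LIMIT 64   /* hypothetical size of the stack-backed buffer */
struct scratch { char *buf; size_t cap; int on_heap; };

/* Ensure room for `need` bytes; the first growth copies off the stack. */
static int scratch_grow(struct scratch *s, size_t need)
{
    size_t ncap = s->cap;
    char *n;
    if (need <= s->cap)
        return 0;
    while (ncap < need)
        ncap *= 2;
    /* alloca() memory must never be handed to realloc() or free() */
    n = s->on_heap ? realloc(s->buf, ncap) : malloc(ncap);
    if (n == NULL)
        return -1;
    if (!s->on_heap)
        memcpy(n, s->buf, s->cap);
    s->buf = n;
    s->cap = ncap;
    s->on_heap = 1;          /* from here on the buffer is heap-owned */
    return 0;
}

/* Collect one space-delimited token, roughly what a %s conversion does.
   Returns its length, or -1 on allocation failure. */
long token_length(const char *input, int *used_heap)
{
    struct scratch s = { NULL, STACK_LIMIT, 0 };
    size_t n = 0;
    s.buf = alloca(STACK_LIMIT);
    while (*input == ' ')
        input++;
    while (*input != '\0' && *input != ' ') {
        if (scratch_grow(&s, n + 2) != 0) {   /* room for char + NUL */
            if (s.on_heap) free(s.buf);
            return -1;
        }
        s.buf[n++] = *input++;
    }
    s.buf[n] = '\0';
    *used_heap = s.on_heap;
    if (s.on_heap) free(s.buf);  /* an unconditional free() here is the bug class */
    return (long)n;
}
```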