
Bug#481543: libc6: low-memory snprintf provokes internal segfault



This demonstrates that it is indeed a.out/libc that provokes
the segfault.  Here's the output I get:

   [2331489.137491] zsh[21289]: segfault at 0 ip 7f1126c824f4 sp \
     7fff2fa49778 error 6 in libc-2.7.so[7f1126c06000+14a000]

Do the same thing with true, and there's no problem:

   $ env -u -- zsh -f -c 'ulimit -v 5000; /bin/true' || dmesg|tail -1

But if you use a command that calls printf or other stream output
functions, it'll fail because glibc's stream output initialization code
tries to allocate space and fails, and then segfaults.


For me, it does not segfault, the mmap fails, the snprintf() returns -1
and the program regularly ends.

mmap(NULL, 5246976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
brk(0xbae000)                           = 0x6ad000
mmap(NULL, 5378048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
exit_group(0)                           = ?

The gcc is 4.3.2-2, libc6 is 2.7-15.

Petr
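The experiment the thread describes, turned into a self-contained C harness (an added example, not code from the bug report or from glibc): it caps a forked child's address space with setrlimit(RLIMIT_AS), the programmatic form of `ulimit -v`, calls snprintf() there, and reports from the parent whether the call returned normally, returned -1 with an errno, or died of a signal. The format string, the 64-byte buffer and the 5000 KiB limit are constructed here to mirror the thread; they are not taken from the report.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
enum outcome { OUT_OK, OUT_SNPRINTF_FAILED, OUT_CRASHED, OUT_HARNESS_ERROR };
struct probe { enum outcome kind; int ret; int err; int sig; };

/* Run snprintf() in a forked child whose address space is capped with
 * RLIMIT_AS, then classify the outcome from the parent: normal return,
 * -1 with errno, or a crash (sig holds the signal that killed the child). */
struct probe probe_snprintf(rlim_t limit_bytes)
{
    struct probe p = { OUT_HARNESS_ERROR, 0, 0, 0 };
    int fd[2];
    if (pipe(fd) != 0) return p;
    pid_t pid = fork();
    if (pid < 0) return p;
    if (pid == 0) {
        struct rlimit rl;
        if (getrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        if (limit_bytes < rl.rlim_cur) rl.rlim_cur = limit_bytes; /* only lower the soft limit */
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        char buf[64]; errno = 0;
        int msg[2];
        msg[0] = snprintf(buf, sizeof buf, "pid=%d: %s", (int)getpid(), "snprintf under ulimit -v");
        msg[1] = errno;
        if (write(fd[1], msg, sizeof msg) != (ssize_t)sizeof msg) _exit(3);
        _exit(0);
    }
    close(fd[1]);
    int msg[2] = { 0, 0 };
    ssize_t n = read(fd[0], msg, sizeof msg);
    close(fd[0]);
    int status; if (waitpid(pid, &status, 0) != pid) return p;
    if (WIFSIGNALED(status)) { p.kind = OUT_CRASHED; p.sig = WTERMSIG(status); return p; }
    if (n != (ssize_t)sizeof msg || WEXITSTATUS(status) != 0) return p;
    p.ret = msg[0]; p.err = msg[1];
    p.kind = msg[0] < 0 ? OUT_SNPRINTF_FAILED : OUT_OK;
    return p;
}

int main(void)
{
    static const char *names[] = { "returned normally", "returned -1", "crashed", "harness error" };
    struct probe p = probe_snprintf(5000 * 1024UL); /* mirrors the report's `ulimit -v 5000` (KiB) */
    printf("%s: ret=%d errno=%s signal=%d\n", names[p.kind], p.ret, strerror(p.err), p.sig);
    return 0;
}
```

On a current libc the child will most likely report a normal return; the harness is useful because it distinguishes the two failure modes the thread disagrees about (a -1 return versus a segfault) without taking down the calling process.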


