Bug#481543: libc6: low-memory snprintf provokes internal segfault
Package: libc6
Version: 2.7-11
Severity: normal
glibc's snprintf function malfunctions (segfault)
when its internal memory allocation fails.
FYI, this bug is new in libc6 2.7-11. I noticed because it provokes
a new failure in coreutils' printf-surprise test. This is not a
problem when using rawhide's glibc-2.8.
$ cat snprintf-test-debbug.c
#include <stdio.h>
#include <string.h>

int
main(int argc, char **argv)
{
  char buf[200];
  char *fmt = argv[1];
  if (argc < 2)
    return 1;
  return snprintf (buf, sizeof buf, fmt, 1);
}
$ gcc snprintf-test-debbug.c
$ zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
zsh: segmentation fault zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
[Exit 139 (SEGV)]
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.3.0-4 GCC support library
libc6 recommends no packages.
-- debconf information:
glibc/upgrade: true
glibc/restart-failed:
glibc/restart-services:
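
The reproduction above depends on zsh arithmetic and `ulimit -v`. As an added example (not part of the original report), the same check can be written as a self-contained C regression probe that applies the address-space cap itself in a child process and classifies the result. The names `probe_snprintf`, `prefault_stack` and `enum outcome` are hypothetical, and the code assumes Linux/POSIX with GCC or Clang.

```c
/* Added example, not from the bug report; all names are hypothetical. */
#include <stdio.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

enum outcome { RETURNED_OK, RETURNED_ERROR, CRASHED, HARNESS_ERROR };

/* Map 64 KiB of stack before the cap is applied, so that a refused
   stack growth cannot be mistaken for the snprintf crash.  */
__attribute__ ((noinline)) static void prefault_stack (void)
{
  volatile char pad[64 * 1024];
  for (size_t i = 0; i < sizeof pad; i += 1024)
    pad[i] = 0;
}

/* Format "%<width>d" into a 200-byte buffer in a child process whose
   address space is capped at limit_kib KiB (the unit of `ulimit -v`).  */
enum outcome probe_snprintf (long width, unsigned long limit_kib)
{
  char fmt[32], buf[200];
  int status;
  snprintf (fmt, sizeof fmt, "%%%ldd", width);
  pid_t pid = fork ();
  if (pid < 0)
    return HARNESS_ERROR;
  if (pid == 0)
    {
      struct rlimit rl = { limit_kib * 1024, limit_kib * 1024 };
      prefault_stack ();
      if (setrlimit (RLIMIT_AS, &rl) != 0)
        _exit (2);
      _exit (snprintf (buf, sizeof buf, fmt, 1) < 0 ? 1 : 0);
    }
  if (waitpid (pid, &status, 0) != pid)
    return HARNESS_ERROR;
  if (WIFSIGNALED (status))
    return CRASHED;             /* killed by a signal, e.g. SIGSEGV */
  if (WIFEXITED (status) && WEXITSTATUS (status) <= 1)
    return WEXITSTATUS (status) ? RETURNED_ERROR : RETURNED_OK;
  return HARNESS_ERROR;
}

int main (void)
{
  int r = probe_snprintf (5L * 1024 * 1024, 5000);  /* values from the report */
  printf ("outcome: %d\n", r);
  return r == CRASHED;
}
```

A libc with the reported defect yields `CRASHED`; `RETURNED_OK` or `RETURNED_ERROR` both mean snprintf survived the failed allocation and reported its result through the return value.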