
Bug#481543: libc6: low-memory snprintf provokes internal segfault



Package: libc6
Version: 2.7-11
Severity: normal

glibc's snprintf function malfunctions (segfault)
when its internal memory allocation fails.
FYI, this bug is new in libc6 2.7-11.  I noticed because it provokes
a new failure in coreutils' printf-surprise test.  This is not a
problem when using rawhide's glibc-2.8.

$ cat snprintf-test-debbug.c
#include <stdio.h>
#include <string.h>
int
main(int argc, char **argv)
{
  char buf[200];
  char *fmt = argv[1];
  if (argc < 2)
    return 1;
  return snprintf (buf, sizeof buf, fmt, 1);
}
$ gcc snprintf-test-debbug.c
$ zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
zsh: segmentation fault  zsh -c 'ulimit -v 5000; ./a.out %$[5*2**20]d'
[Exit 139 (SEGV)]

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                       1:4.3.0-4  GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/upgrade: true
  glibc/restart-failed:
  glibc/restart-services:
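
An added regression probe for the failure reported above (not part of the original report, glibc or coreutils): it forks a child, caps the child's address space the way `ulimit -v` does, calls snprintf with a large field width, and classifies how the child ended. The names `probe_snprintf_low_memory` and `enum probe_result` are hypothetical, and the probe assumes that a negative return or the full would-be length are the only acceptable outcomes.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names; this is an added example, not code from the report. */
enum probe_result { PROBE_OK, PROBE_CLEAN_FAILURE, PROBE_CRASHED, PROBE_ERROR };

/* limit_kib mirrors `ulimit -v`; width is the field width in "%<width>d". */
enum probe_result
probe_snprintf_low_memory (unsigned long limit_kib, unsigned long width)
{
  char fmt[32], buf[200];
  int status;
  pid_t pid;

  snprintf (fmt, sizeof fmt, "%%%lud", width);
  pid = fork ();
  if (pid < 0)
    return PROBE_ERROR;
  if (pid == 0)
    {
      struct rlimit cap = { limit_kib * 1024, limit_kib * 1024 };
      struct rlimit nocore = { 0, 0 };
      int n;
      setrlimit (RLIMIT_CORE, &nocore);   /* no core file if it crashes */
      if (setrlimit (RLIMIT_AS, &cap) != 0)
        _exit (3);
      n = snprintf (buf, sizeof buf, fmt, 1);
      /* Assumed acceptable: negative (error) or the full would-be length. */
      _exit (n < 0 ? 1 : ((unsigned long) n == width ? 0 : 2));
    }
  if (waitpid (pid, &status, 0) != pid)
    return PROBE_ERROR;
  if (WIFSIGNALED (status))
    return PROBE_CRASHED;                 /* e.g. SIGSEGV, as in the report */
  if (!WIFEXITED (status))
    return PROBE_ERROR;
  if (WEXITSTATUS (status) == 0)
    return PROBE_OK;
  return WEXITSTATUS (status) == 1 ? PROBE_CLEAN_FAILURE : PROBE_ERROR;
}

int
main (void)
{
  static const char *const names[] = { "ok", "clean failure", "CRASHED", "error" };
  puts (names[probe_snprintf_low_memory (5000, 5UL * 1024 * 1024)]);
  return 0;
}
```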


