
Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly



Package: libc6
Version: 2.7-18
Severity: normal

I've been trying to track down a bug that became apparent when using Tor. Sometimes,
realloc apparently failed to copy the last few bytes of a buffer over when it enlarged
said buffer.

I've done some digging, and came across a bug report about the issue:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018

Also, I found a glibc bug report with an attached patch to
fix the problem, but the patch was rejected by the glibc maintainer:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=5743
A few months later, though, the fix was applied:
http://repo.or.cz/w/glibc.git?a=commitdiff;h=486bdb886330a250af76cbb12af55d2c67ec0981

I checked Lenny's sources, and the offending line in malloc.c is the same as in
the bug reports above. Squeeze, due to updating to a newer version of libc,
doesn't have it.

I'm not sure why the test programs referenced don't trigger the bug on Lenny
for me, but patching the Tor source to manually compare the last few bytes
of a buffer before it is realloc'ed with those afterwards exhibits the issue.


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                      1:4.3.2-1.1 GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
pn  glibc-doc                     <none>     (no description available)
ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i
ii  locales                       2.7-18     GNU C Library: National Language (

-- debconf information excluded
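
The check the report describes (comparing the last few bytes of a buffer before and after it is realloc'ed) can be written as a wrapper like the one below. This is an added example, not part of the original report and not Tor's or glibc's code; `checked_realloc`, `lossy_realloc`, `count_tail_losses`, the 16-byte window and the fill values are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#define TAIL_CHECK 16                     /* trailing bytes to verify (assumed) */
typedef void *(*realloc_fn)(void *, size_t);

/* Hypothetical helper: calls `re`, then sets *corrupt to 1 if the last bytes
 * realloc must preserve (the tail of the first min(old, new) bytes) changed. */
void *checked_realloc(realloc_fn re, void *ptr, size_t old_size,
                      size_t new_size, int *corrupt)
{
    unsigned char tail[TAIL_CHECK], *out;
    size_t keep = old_size < new_size ? old_size : new_size;
    size_t n = ptr == NULL ? 0 : (keep < TAIL_CHECK ? keep : TAIL_CHECK);
    if (n > 0)
        memcpy(tail, (unsigned char *)ptr + keep - n, n);   /* snapshot before */
    out = re(ptr, new_size);
    *corrupt = out != NULL && n > 0 && memcmp(tail, out + keep - n, n) != 0;
    return out;
}

static size_t demo_old_size;   /* set by the driver for the stand-in below */
/* Constructed stand-in for a faulty allocator: resizes, then clobbers the last
 * 4 bytes of the old contents to mimic the symptom described in the report. */
void *lossy_realloc(void *ptr, size_t new_size)
{
    unsigned char *out = realloc(ptr, new_size);
    if (out != NULL && demo_old_size >= 4 && new_size >= demo_old_size)
        memset(out + demo_old_size - 4, 0xEE, 4);
    return out;
}

/* Grows a 64-byte buffer by `step` bytes `rounds` times through `re`; returns
 * how many calls lost tail bytes, or -1 if an allocation failed. */
int count_tail_losses(realloc_fn re, size_t step, int rounds)
{
    size_t size = 64;
    int bad = 0, corrupt;
    unsigned char *buf = malloc(size), *nb;
    if (buf == NULL) return -1;
    memset(buf, 0x5A, size);
    while (rounds-- > 0) {
        demo_old_size = size;
        nb = checked_realloc(re, buf, size, size + step, &corrupt);
        if (nb == NULL) { free(buf); return -1; }
        memset(nb + size, 0x5A, step);          /* initialise the new bytes */
        buf = nb; size += step; bad += corrupt;
    }
    free(buf);
    return bad;
}
```

Passing the system `realloc` as `re` should report zero losses on a correct libc; any non-zero count from `count_tail_losses(realloc, ...)` points at the allocator rather than the caller.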