Bug#912665: (geen onderwerp)

To: Frederik Himpe <fhimpe@ai.vub.ac.be>
Cc: 912665@bugs.debian.org
Subject: Bug#912665: (geen onderwerp)
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 02 Nov 2018 20:11:50 +0100
Message-id: <[🔎] 87bm77b8g9.fsf@oldenburg.str.redhat.com>
Reply-to: Florian Weimer <fweimer@redhat.com>, 912665@bugs.debian.org
In-reply-to: <[🔎] ecfb4554f2c6e605f2b7ec83b111257d@ai.vub.ac.be> (Frederik Himpe's message of "Fri, 02 Nov 2018 17:52:35 +0100")
References: <[🔎] 154117470919.22960.11444442818092779004.reportbug@ai-vmhost3.vub.ac.be> <[🔎] ecfb4554f2c6e605f2b7ec83b111257d@ai.vub.ac.be> <[🔎] 154117470919.22960.11444442818092779004.reportbug@ai-vmhost3.vub.ac.be>

* Frederik Himpe:

> FYI, this is where it crashes:
>
> #0  0x00007fc0172239c6 in _IO_fgets (buf=0x7ffc9b2b1640 "
> /dev/aivmhost3-vg/ceph-node1-storage:ceph-ff35163d-b03f-4dbf-a6ce-155730069dc0:4194304:-1:8:8:-1:4096:511:0:511:ZNexTV-ylVb-ltMP-T8Zu-ZklU-cN1I-dETf5o\n",
> n=1024, fp=0x1a90030)
>     at iofgets.c:47

This is the first dereference of the file stream pointer in fgets, so
this suggests a use-after-free application bug (or use-after-fclose in
this case).  It should be visible in valgrind as well.

Thanks,
Florian

Reply to:

References:
- Bug#912665: libc6: dsm_sa_datamgrd crashes in libc6 since update from 2.27-6 to 2.27-8
  - From: Frederik Himpe <fhimpe@ai.vub.ac.be>
- Bug#912665: (geen onderwerp)
  - From: Frederik Himpe <fhimpe@ai.vub.ac.be>

Prev by Date: Bug#912665: (geen onderwerp)
Next by Date: [Git][glibc-team/glibc][sid] patches/hurd-i386/git-msync.diff: Support msync
Previous by thread: Bug#912665: (geen onderwerp)
Next by thread: [Git][glibc-team/glibc][sid] patches/hurd-i386/git-msync.diff: Support msync
Index(es):
- Date
- Thread