[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1042373: libc6: The BUG is related to #1042020 (`reallocarray()` on amd64)

Package: libc6
Version: 2.37-6
Severity: important

The reason for the crash in `mmv` (Issue #104020) is a malfunction of
`reallocarray()`. I tested it. Even with completely harmless parameters,
a valid pointer and two relatively small `size_t` values (88, 8 or
something like that), `reallocarray()` breaks `mmv` with an `invalid
pointer` abort. In the same situation, a normal `realloc()` with the
product of the two `size_t` values and the same pointer works fine.
I tested it with the source package of `mmv` (by creating a version
which uses `realloc()` instead of `reallocarray()`).

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages libc6 depends on:
ii  libgcc-s1  13.1.0-9

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.4-1

Versions of packages libc6 suggests:
ii  cdebconf [debconf-2.0]  0.270
ii  debconf [debconf-2.0]   1.5.82
ii  glibc-doc               2.37-6
ii  libc-l10n               2.37-6
ii  libnss-nis              3.1-4
ii  libnss-nisplus          1.3-4
ii  locales                 2.37-6

-- debconf information excluded
Reply to: