[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1042373: libc6: The BUG is related to #1042020 (`reallocarray()` on amd64)

Hi,

On 2023-07-27 08:57, Boris Jakubith wrote:
> Package: libc6
> Version: 2.37-6
> Severity: important
> 
> The reason for the crash in `mmv` (Issue #104020) is a malfunction of
> `reallocarray()`. I tested it. Even with completely harmless parameters,
> a valid pointer and two relatively small `size_t` values (88, 8 or
> something like that), `reallocarray()` breaks `mmv` with an `invalid
> pointer` abort. In the same situation, a normal `realloc()` with the
> product of the two `size_t` values and the same pointer works fine.

The fact that an "invalid pointer" error is returned has nothing to do
with the size arguments, but with the validity of the pointers. As you
are able to reproduce the issue, could you please share a small
testcase?  That would ease the debugging.

> I tested it with the source package of `mmv` (by creating a version
> which uses `realloc()` instead of `reallocarray()`).

That looks very strange because reallocarray() is just a wrapper around
realloc(), it doesn't change the pointer that is passed.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net
Reply to: