Re: [Lsb-test] Double-free bug in glibc glob() reported to Debian BTS

To: Jeff Licquia <licquia@progeny.com>
Cc: lsb-test@freestandards.org, debian-lsb@lists.debian.org
Subject: Re: [Lsb-test] Double-free bug in glibc glob() reported to Debian BTS
From: Thorsten Kukuk <kukuk@suse.de>
Date: Tue, 10 Aug 2004 23:41:45 +0200
Message-id: <[🔎] 20040810214145.GA7163@suse.de>
In-reply-to: <[🔎] 1092168779.2750.23.camel@laptop1>
References: <[🔎] 1092168779.2750.23.camel@laptop1>

On Tue, Aug 10, Jeff Licquia wrote:

> See bug 264884 (http://bugs.debian.org/264884).
> 
> Also, the bug where glob() ignores GLOB_APPEND in some cases is also
> reported, in bug 264887.  Since this does not cause a test failure, it
> is marked at normal severity.

We are using the following patch since a long time. Haven't tested
if it is still correct, but I never see problems with it:

--- sysdeps/generic/glob.c
+++ sysdeps/generic/glob.c      2002/02/09 15:00:04
@@ -1056,7 +1056,7 @@
 globfree (pglob)
      register glob_t *pglob;
 {
-  if (pglob->gl_pathv != NULL)
+  if (pglob->gl_pathc && pglob->gl_pathv != NULL)
     {
       size_t i;
       for (i = 0; i < pglob->gl_pathc; ++i)
@@ -1064,6 +1064,7 @@
          free ((__ptr_t) pglob->gl_pathv[pglob->gl_offs + i]);
       free ((__ptr_t) pglob->gl_pathv);
     }
+  pglob->gl_pathc = 0;
 }
 


-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Maxfeldstr. 5                 D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Reply to:

References:
- Double-free bug in glibc glob() reported to Debian BTS
  - From: Jeff Licquia <licquia@progeny.com>

Prev by Date: Double-free bug in glibc glob() reported to Debian BTS
Next by Date: LSB status of sarge?
Previous by thread: Double-free bug in glibc glob() reported to Debian BTS
Next by thread: LSB status of sarge?
Index(es):
- Date
- Thread