This is the mail archive of the
glibc-bugs@sources.redhat.com
mailing list for the glibc project.
[Bug libc/199] New: memory buffer overrun in rare case
- From: "miles at cray dot com" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 2 Jun 2004 22:59:17 -0000
- Subject: [Bug libc/199] New: memory buffer overrun in rare case
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
In __md5_crypt, static variable buflen is set to needed even if realloc fails.
A later call to this routine will have buflen be too large, and
could cause a write of the end of buf.
old version:
buflen = needed;
new_buffer = (char *) realloc (buffer, buflen);
if (new_buffer == NULL)
return NULL;
fixed version:
new_buffer = (char *) realloc (buffer, needed);
if (new_buffer == NULL)
return NULL;
buflen = needed;
--
Summary: memory buffer overrun in rare case
Product: glibc
Version: 2.3.2
Status: NEW
Severity: minor
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: miles at cray dot com
CC: glibc-bugs at sources dot redhat dot com
http://sources.redhat.com/bugzilla/show_bug.cgi?id=199
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.