This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12626] New: __backtrace_symbols_fd uses of out-of-scope storage in stack frame
- From: "jreiser at BitWagon dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 30 Mar 2011 20:09:58 +0000
- Subject: [Bug libc/12626] New: __backtrace_symbols_fd uses of out-of-scope storage in stack frame
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12626
Summary: __backtrace_symbols_fd uses of out-of-scope storage in stack frame
Product: glibc
Version: 2.13
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: jreiser@BitWagon.com
Function __backtrace_symbols_fd (in source file sysdeps/generic/elf/backtracesymsfd.c, MAIN branch, revision 1.5) uses storage that is out-of-scope in the current stack frame. The local array char buf2[WORD_WIDTH] is declared and used inside a block, but a pointer into buf2 is stored into iov[4].iov_base. The iov[4].iov_base is accessed by writev() after exiting the block that declares buf2. Because buf2 is out-of-scope when iov[4].iov_base is accessed, there is no guarantee that the storage exists or has the expected contents. In particular, a compiler which does "allocation by contour" may well reclaim the space upon exit from the block, by discarding [truncating] that portion of the stack frame.

The simple fix is to move the declaration of buf2 up next to the declaration of 'buf', where both will persist until after the writev().
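As an added illustration of the lifetime defect the report describes (this is not the glibc source; the WORD_WIDTH value, the two-entry iov layout, the hex formatting and the `capture_fixed` helper are assumptions made for the example), here is the block-scoped pattern beside the fix the report proposes:

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/uio.h>

#define WORD_WIDTH (2 * sizeof(unsigned long) + 4) /* assumed: "0x" + hex digits + '\n' + NUL */

/* Buggy shape from the report: buf2 is block-local, yet iov[1].iov_base still
 * points at it when writev() runs after the block has closed. */
ssize_t write_frame_buggy(int fd, const char *name, unsigned long addr)
{
    struct iovec iov[2];
    iov[0].iov_base = (void *)name;
    iov[0].iov_len  = strlen(name);
    {
        char buf2[WORD_WIDTH];          /* lifetime ends at the closing brace */
        int n = snprintf(buf2, sizeof buf2, "0x%lx\n", addr);
        iov[1].iov_len  = n > 0 ? (size_t)n : 0;
        iov[1].iov_base = buf2;
    }                                   /* buf2 is out of scope from here on */
    return writev(fd, iov, 2);          /* reads through the dangling pointer */
}

/* Fixed shape: buf2 sits next to iov at function scope, so it outlives writev(). */
ssize_t write_frame_fixed(int fd, const char *name, unsigned long addr)
{
    struct iovec iov[2];
    char buf2[WORD_WIDTH];              /* lives for the whole function */
    iov[0].iov_base = (void *)name;
    iov[0].iov_len  = strlen(name);
    int n = snprintf(buf2, sizeof buf2, "0x%lx\n", addr);
    iov[1].iov_len  = n > 0 ? (size_t)n : 0;
    iov[1].iov_base = buf2;
    return writev(fd, iov, 2);
}

/* Route the fixed writer's output through a pipe into out (NUL-terminated) so
 * it can be checked offline; returns bytes read, or -1 on error. */
ssize_t capture_fixed(const char *name, unsigned long addr, char *out, size_t outlen)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    ssize_t w = write_frame_fixed(p[1], name, addr);
    close(p[1]);
    ssize_t r = w < 0 ? -1 : read(p[0], out, outlen - 1);
    close(p[0]);
    if (r >= 0) out[r] = '\0';
    return r;
}
```

Compilers that track escaping addresses (gcc's -Wdangling-pointer, for instance) may flag the buggy variant; the fixed variant is warning-free and its output is deterministic.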