This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nscd/16185] New: nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- From: "nbthang_bk at yahoo dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 18 Nov 2013 16:47:06 +0000
- Subject: [Bug nscd/16185] New: nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=16185
Bug ID: 16185
Summary: nscd/pwdcache.c (cache_addpw): Possible allocate
DATASET outside of the stack if it's too large
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: unassigned at sourceware dot org
Reporter: nbthang_bk at yahoo dot com
CC: drepper.fsp at gmail dot com
Sometimes the nscd application crashes and generates a core dump. After analyzing
the core dump, it seems that the issue is caused by allocating a buffer outside of
the stack.
0 0x00007f6e4d250b35 in *__GI_raise (sig=<optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f6e4d252111 in *__GI_abort () at abort.c:92
#2 0x00007f6e4d28edef in __libc_message (do_abort=1, fmt=0x7f6e4d3597d4 "%s")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3 0x00007f6e4d28eece in *__GI___libc_fatal (
message=0x7f6e4d35b488 "*** %n in writable segment detected ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:197
#4 0x00007f6e4d26685f in _IO_vfprintf_internal (s=0x7f6e42629ef0,
format=0x7f6e4e02cc90 "%d%c%n%s", ap=0x7f6e4262a060) at vfprintf.c:1973
#5 0x00007f6e4d30b899 in ___vsnprintf_chk (s=0x7f6e4262a160 "1019",
maxlen=<optimized out>, flags=1, slen=<optimized out>,
format=0x7f6e4e02cc90 "%d%c%n%s", args=0x7f6e4262a060)
at vsnprintf_chk.c:65
#6 0x00007f6e4d30b7db in ___snprintf_chk (
s=0x5466 <Address 0x5466 out of bounds>, maxlen=8063, flags=6,
slen=18446744073709551615,
format=0x626174697277206e <Address 0x626174697277206e out of bounds>)
at snprintf_chk.c:36
#7 0x00007f6e4e01ca7f in snprintf (__fmt=<optimized out>,
__n=<optimized out>, __s=<optimized out>) at ../libio/bits/stdio2.h:65
#8 cache_addpw (db=0x7f6e4e2310a0, fd=12, req=0x7f6e4262bde0,
key=0x7f6e4262b890, pwd=0x7f6e4262a7c0, owner=4294967295, he=0x0, dh=0x0,
errval=0) at pwdcache.c:184
A similar issue was encountered in the past and fixed in the following commit:
https://sourceware.org/ml/libc-alpha/2012-06/txt00010.txt
I think that we need to apply the same fix for alloca in nscd/pwdcache.c.
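The failure class reported above, a scratch buffer sized from record fields and taken from the stack with alloca, is commonly mitigated by capping stack use and falling back to the heap. The sketch below is an added example, not glibc code and not the contents of the linked commit; build_pw_record, STACK_LIMIT and the sample field values are hypothetical.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on per-call stack use; not a value taken from glibc. */
#define STACK_LIMIT 4096

/* Hypothetical record builder: formats "name:gecos:dir:shell" into a
   scratch buffer whose size depends on the lengths of the input fields.
   Returns the formatted length, or -1 if the heap allocation fails.
   *on_heap is set to 1 when the heap fallback was taken, 0 otherwise. */
int build_pw_record(const char *name, const char *gecos,
                    const char *dir, const char *shell, int *on_heap)
{
    /* Three ':' separators plus the terminating NUL. */
    size_t total = strlen(name) + strlen(gecos) + strlen(dir)
                   + strlen(shell) + 4;
    char *buf;

    *on_heap = total > STACK_LIMIT;
    if (*on_heap) {
        /* Too large for the stack: an unchecked alloca here could move
           the stack pointer past the end of the thread's stack. */
        buf = malloc(total);
        if (buf == NULL)
            return -1;
    } else {
        buf = alloca(total);   /* bounded by STACK_LIMIT */
    }

    int len = snprintf(buf, total, "%s:%s:%s:%s", name, gecos, dir, shell);
    /* A real cache would copy buf into its own storage at this point. */

    if (*on_heap)
        free(buf);
    return len;
}

int main(void)
{
    int on_heap;
    /* Constructed sample entry. */
    int len = build_pw_record("alice", "Alice", "/home/alice", "/bin/sh",
                              &on_heap);
    printf("len=%d on_heap=%d\n", len, on_heap);
    return 0;
}
```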