[arijort@valinux.com: [VA-Tech] bug in glibc-2.1.1]
H . J . Lu
hjl@valinux.com
Sat Mar 25 10:43:00 GMT 2000
Any comments?
H.J.
---
A developer here seems to have pinpointed the bug in
random_r.c (line 375) part of glibc-2.1.1-6. see below.
---------- Forwarded message ----------
Date: Fri, 24 Mar 2000 13:55:27 -0500 (EST)
From: John Mizel <John.Mizel@msdw.com>
To: Brian Redman <ber@ms.com>, Erik Berg <eb@ms.com>,
Mike Sklar <sklarm@ms.com>
Subject: this looks like a bug
random_r.c
__setstate_r (arg_state, buf)
{
...
type = new_state[0] % MAX_TYPES;
if (type < TYPE_0 || type >= TYPE_4)
goto fail;
...
}
Where MAX_TYPES is 5, so if the type is 4 it will still fail. Probably
should be:
type = new_state[0] % MAX_TYPES;
if (type < TYPE_0 || type > TYPE_4)
goto fail;
More information about the Libc-hacker
mailing list