201646 2007-12-08 02:50 0000 glibc-2.7 crashes on sscanf("", "%as", &foo) 2007-12-11 04:39:05 0000 1 1 1 Unclassified Gentoo Linux Core system unspecified All All RESOLVED FIXED http://sources.redhat.com/bugzilla/show_bug.cgi?id=5441 P2 normal --- 1 vapier@gentoo.org toolchain@gentoo.org nbensa@gmail.com vapier@gentoo.org 2007-12-08 02:50:32 0000 looks like glibc-2.7 crashes when using the allocation flag to scanf() and reading of strings, and the input string is an empty string got verification from various sources/arches ... here's the output on ppc *** glibc detected *** ./a.out: munmap_chunk(): invalid pointer: 0xff9360a0 *** ======= Backtrace: ========= /lib/libc.so.6[0xfec0318] /lib/libc.so.6(_IO_vfscanf+0x15bc)[0xfe9d16c] /lib/libc.so.6(vsscanf+0x94)[0xfeae0b4] /lib/libc.so.6(_IO_sscanf+0x84)[0xfea6c04] ./a.out[0x100004d0] /lib/libc.so.6[0xfe5eb00] /lib/libc.so.6[0xfe5ecc0] ======= Memory map: ======== 00100000-00103000 r-xp 00100000 00:00 0 [vdso] 0fe40000-0ff9c000 r-xp 00000000 08:04 20889953 /lib/libc-2.7.so 0ff9c000-0ffac000 ---p 0015c000 08:04 20889953 /lib/libc-2.7.so 0ffac000-0ffb0000 r--p 0015c000 08:04 20889953 /lib/libc-2.7.so 0ffb0000-0ffb1000 rw-p 00160000 08:04 20889953 /lib/libc-2.7.so 0ffb1000-0ffb4000 rw-p 0ffb1000 00:00 0 0ffc0000-0ffdf000 r-xp 00000000 08:04 20889952 /lib/ld-2.7.so 0ffef000-0fff0000 r--p 0001f000 08:04 20889952 /lib/ld-2.7.so 0fff0000-0fff1000 rw-p 00020000 08:04 20889952 /lib/ld-2.7.so 10000000-10001000 r-xp 00000000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out 10010000-10011000 r--p 00000000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out 10011000-10012000 rw-p 00001000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out 10012000-10033000 rwxp 10012000 00:00 0 [heap] f7fd5000-f7fd7000 rw-p f7fd5000 00:00 0 ff922000-ff938000 rw-p ffffffea000 00:00 0 [stack] Aborted vapier@gentoo.org 2007-12-08 02:50:54 0000 test code: int main() { char *path; return sscanf ("", "%as", &path); } vapier@gentoo.org 2007-12-10 01:13:32 0000 fixed in glibc-2.7-r1 vapier@gentoo.org 2007-12-10 01:15:04 0000 http://sources.gentoo.org/gentoo/src/patchsets/glibc/2.7/0050_all_glibc-2.7-sscanf-as-BZ5441.patch?rev=1.1 nbensa@gmail.com 2007-12-11 04:24:19 0000 Is this fix the cause of samba, cups, and kopete (so far) crashing? I'm currently re-emerging 2.7-r0, but I can make some tests if you guide me. nbensa@gmail.com 2007-12-11 04:39:05 0000 Ignore my last message. Cups and Samba are crashing because of libgcrypt-1.4.0.