Looks like glibc-2.7 crashes when using the allocation flag to scanf() and reading of strings, and the input string is an empty string.

Got verification from various sources/arches ... here's the output on ppc:

*** glibc detected *** ./a.out: munmap_chunk(): invalid pointer: 0xff9360a0 ***
======= Backtrace: =========
/lib/libc.so.6[0xfec0318]
/lib/libc.so.6(_IO_vfscanf+0x15bc)[0xfe9d16c]
/lib/libc.so.6(vsscanf+0x94)[0xfeae0b4]
/lib/libc.so.6(_IO_sscanf+0x84)[0xfea6c04]
./a.out[0x100004d0]
/lib/libc.so.6[0xfe5eb00]
/lib/libc.so.6[0xfe5ecc0]
======= Memory map: ========
00100000-00103000 r-xp 00100000 00:00 0 [vdso]
0fe40000-0ff9c000 r-xp 00000000 08:04 20889953 /lib/libc-2.7.so
0ff9c000-0ffac000 ---p 0015c000 08:04 20889953 /lib/libc-2.7.so
0ffac000-0ffb0000 r--p 0015c000 08:04 20889953 /lib/libc-2.7.so
0ffb0000-0ffb1000 rw-p 00160000 08:04 20889953 /lib/libc-2.7.so
0ffb1000-0ffb4000 rw-p 0ffb1000 00:00 0
0ffc0000-0ffdf000 r-xp 00000000 08:04 20889952 /lib/ld-2.7.so
0ffef000-0fff0000 r--p 0001f000 08:04 20889952 /lib/ld-2.7.so
0fff0000-0fff1000 rw-p 00020000 08:04 20889952 /lib/ld-2.7.so
10000000-10001000 r-xp 00000000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out
10010000-10011000 r--p 00000000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out
10011000-10012000 rw-p 00001000 08:04 8921485 /usr/local/src/blackfin/svn/toolchain/branches/toolchain_07r1_branch/genext2fs/build/a.out
10012000-10033000 rwxp 10012000 00:00 0 [heap]
f7fd5000-f7fd7000 rw-p f7fd5000 00:00 0
ff922000-ff938000 rw-p ffffffea000 00:00 0 [stack]
Aborted
test code:

    #include <stdio.h>

    /* reproducer: empty input string with the %as allocation flag */
    int main() { char *path; return sscanf ("", "%as", &path); }
fixed in glibc-2.7-r1
http://sources.gentoo.org/gentoo/src/patchsets/glibc/2.7/0050_all_glibc-2.7-sscanf-as-BZ5441.patch?rev=1.1
Is this fix the cause of samba, cups, and kopete (so far) crashing? I'm currently re-emerging 2.7-r0, but I can make some tests if you guide me.
Ignore my last message. Cups and Samba are crashing because of libgcrypt-1.4.0.
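The report above concerns the allocating string conversion on empty input. As an added example (not code from the bug report or from glibc), here is a defensive calling pattern for allocating conversions that trusts only the outputs covered by the return value. It uses the POSIX `%ms` spelling rather than the GNU `%as` from the test case; `parse_pair` and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the report): parse "key value" from a line
 * using the POSIX %ms allocating conversion, the standard spelling of the
 * GNU %as flag used in the test case. Returns the number of fields stored
 * (0, 1 or 2). Only pointers for completed conversions are handed to the
 * caller; the rest are NULL, so free() on them is always safe. */
int parse_pair(const char *line, char **key, char **value)
{
    char *k = NULL, *v = NULL;   /* never hand scanf an uninitialised slot */
    int n = sscanf(line, "%ms %ms", &k, &v);

    if (n == EOF)                /* empty or all-whitespace input */
        n = 0;
    /* Trust only the first n outputs; force the rest to NULL rather than
     * relying on whatever the library left behind in them. */
    if (n < 2) v = NULL;
    if (n < 1) k = NULL;
    *key = k;
    *value = v;
    return n;
}

int main(void)
{
    /* Constructed sample inputs, including the empty string from the report. */
    const char *samples[] = { "", "   ", "path", "path /tmp/x" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        char *k, *v;
        int n = parse_pair(samples[i], &k, &v);
        printf("[%s] -> %d field(s): key=%s value=%s\n", samples[i], n,
               k ? k : "(none)", v ? v : "(none)");
        free(k);                 /* free(NULL) is a no-op */
        free(v);
    }
    return 0;
}
```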