
[bug #35432] cvs rls results in %n in writable segment detected


From: anonymous
Subject: [bug #35432] cvs rls results in %n in writable segment detected
Date: Wed, 01 Feb 2012 23:00:55 +0000
User-agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

URL:
  <http://savannah.nongnu.org/bugs/?35432>

                 Summary: cvs rls results in %n in writable segment detected 
                 Project: Concurrent Versions System
            Submitted by: None
            Submitted on: Wed  1 Feb 2012 23.00.54
                Category: Bug Report
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
                 Release: 
         Discussion Lock: Any
           Fixed Release: None
   Fixed Feature Release: None

    _______________________________________________________

Details:

I downloaded and compiled the cvs-1.12.13.tar.gz file.
I used gcc (Ubuntu 4.3.2-1ubuntu12) 4.3.2.

Then when I (or via redmine/cvs) used the cvs rls command, I got a lot of:
*** %n in writable segment detected ***
Terminated with fatal signal 11

I did a simple grep "%n" -R * and found something in the file
lib/vasnprintf.c

More googling/browsing found:

http://git.savannah.gnu.org/cgit/gnulib.git/commit/lib/vasnprintf.c?id=913c09becd9df89dbd9b9f386e7f35c240d5efe8

I made a minimal change in lib/vasnprintf.c:

# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
                p[1] = '%';
                p[2] = 'n';
                p[3] = '\0';
#else

                /* On glibc2 systems from glibc >= 2.3 - probably also older
                   ones - we know that snprintf's returns value conforms to
                   ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
                   Therefore we can avoid using %n in this situation.
                   On glibc2 systems from 2004-10-18 or newer, the use of %n
                   in format strings in writable memory may crash the program
                   (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
                   in this situation.  */
                p[1] = '\0';
#endif

and now it works!

I also found the bug #29199 which may apply to this.





    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?35432>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
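
The comment in the changed branch says the output length can come from snprintf's ISO C99 return value instead of an appended %n. The following sketch is an added example, not code from CVS, gnulib or the reporter; it shows that approach and refuses formats that contain %n. The names has_percent_n and format_counted are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if fmt contains a %n conversion.
   Skips "%%" and any flags, width, precision and length modifiers. */
int has_percent_n(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        p += strspn(p, "#0- +'");           /* flags */
        p += strspn(p, "0123456789*$");     /* width / positional index */
        if (*p == '.') {
            p++;
            p += strspn(p, "0123456789*$"); /* precision */
        }
        p += strspn(p, "hlLqjzt");          /* length modifiers */
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            return 0;                       /* truncated directive at end */
    }
    return 0;
}

/* Hypothetical helper: formats into buf and returns the number of bytes
   the complete output needs, taken from vsnprintf's C99 return value
   rather than from a "%n" appended to the format. Sets *truncated when
   buf was too small. Returns -1 on error or if fmt contains %n. */
int format_counted(char *buf, size_t size, int *truncated, const char *fmt, ...)
{
    if (has_percent_n(fmt))
        return -1;                          /* never hand %n to printf */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    *truncated = (size_t)n >= size;
    return n;
}
```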
