[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Memleak in glob()
From: |
Tim Rühsen |
Subject: |
Re: Memleak in glob() |
Date: |
Mon, 3 Jul 2017 11:25:54 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Password reset at
https://sourceware.org/bugzilla/enter_bug.cgi?product=glibc currently
doesn't work (yes, also checked in spam dir). Don't remember my pw, too
long ago.
So maybe someone else can open a bug with a link to this thread !?
With Best Regards, Tim
On 07/03/2017 01:22 AM, Paul Eggert wrote:
> On 07/01/2017 01:44 PM, Tim Rühsen wrote:
>> Hi,
>>
>> fuzzing glob.c immediately discovered a leak.
>>
>> At ~L600 in glob.c, 'dirname' is heap allocated.
>> It is free'd at label 'out', but some code paths directly return without
>> jumping there.
>>
>> Attached is a patch fixing the issue for me, but just take it as a
>> proof of
>> concept. You might prefer a different approach.
>>
>> Regards, Tim
>
> glob.c is taken from glibc, right? Have you investigated whether these
> problems have been reported and/or fixed in glibc?
>
>
>
signature.asc
Description: OpenPGP digital signature
Re: Memleak in glob(), Paul Eggert, 2017/07/02