Bug 110854
| Summary: | ctime function crash data in memory allocated before his first call | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Iosvany Moya Cruz <imoya> |
| Component: | libc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 9 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| URL: | http://www.chasqui.cu | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-12-02 16:32:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Your testcase is buggy. (char *)(newnode + sizeof(list_t)); may well point beyond end of the allocated buffer and if not (e.g. when the string is long), certainly the end of the string will overflow the buffer. Guess you meant either (char *)(newnode + 1) or (char *) newnode + sizeof(list_t). |
Description of problem: The follow code makes a wrong output but if we uncomment the line "//ctime(&bug);" -> "ctime(&bug);" it make a right output. evidently ctime() funciton from the standard library crash the data... Ups this is a bug or not!!?? -- start code -- #include <stdio.h> #include <string.h> #include <time.h> typedef struct list_struct { char *string; struct list_struct *next;} list_t; static list_t *head_ptr = NULL; int main(int argc, char *argv[]) { char cmd[8912];list_t *newnode;time_t bug; time(&bug); // ctime(&bug); while(fgets(cmd, 8912, stdin) != NULL) { if (*(cmd + strlen(cmd) - 1) == '\n') *(cmd + strlen(cmd) - 1) = 0; newnode = (list_t *)(malloc(sizeof(list_t) + strlen(cmd) + 1)) ; newnode->string = (char *)(newnode + sizeof(list_t)); strcpy( newnode->string, cmd ); newnode->next = head_ptr; head_ptr = newnode; } while (head_ptr != NULL) { printf("%s afterwards %s\n",head_ptr->string, ctime(&bug)); head_ptr = head_ptr->next; } return 0; } -- end code -- Version-Release number of selected component (if applicable): glibc-2.3.2-11.9 How reproducible: Every time Steps to Reproduce: 1.allocate memory for more than one char* 2.first call to ctime() after step 1 3.prints the char* Actual results: the first char* is OK but rest are crashed Expected results: All char* be OK Additional info: If we makes the first call to ctime function before allocate memory to our char* every things are all right...