Bug 110854
Summary: | ctime function crash data in memory allocated before his first call | | |
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Iosvany Moya Cruz <imoya> |
Component: | libc | Assignee: | Jakub Jelinek <jakub> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | 9 | | |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | i686 | | |
OS: | Linux | | |
URL: | http://www.chasqui.cu | | |
Last Closed: | 2003-12-02 16:32:16 UTC | Doc Type: | Bug Fix |
Description
Iosvany Moya Cruz
2003-11-24 21:39:23 UTC
Your testcase is buggy. (char *)(newnode + sizeof(list_t)); may well point beyond end of the allocated buffer and if not (e.g. when the string is long), certainly the end of the string will overflow the buffer. Guess you meant either (char *)(newnode + 1) or (char *) newnode + sizeof(list_t).
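The pointer-scaling mistake described in the comment above, as an added example that is not the reporter's testcase: the `list_t` layout, `arena`, and all function names are assumptions made for illustration. It measures the byte offset each expression produces and shows an allocation that places the string directly after the header.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical node layout; the reporter's real list_t is not shown on the page. */
typedef struct list {
    struct list *next;
    char *text;   /* points at the string stored right after the header */
} list_t;

/* Big enough that every pointer formed below stays inside the array. */
static list_t arena[sizeof(list_t) + 1];

/* Offset from the testcase's expression: T* + n advances n * sizeof(T) bytes. */
size_t buggy_offset(void) {
    return (size_t)((char *)(arena + sizeof(list_t)) - (char *)arena);
}

/* Offsets from the two suggested forms; both equal sizeof(list_t). */
size_t fixed_offset_elem(void) {
    return (size_t)((char *)(arena + 1) - (char *)arena);
}
size_t fixed_offset_byte(void) {
    return (size_t)(((char *)arena + sizeof(list_t)) - (char *)arena);
}

/* Allocate header and string in one block, string placed right after the header. */
list_t *node_new(const char *s) {
    size_t len = strlen(s) + 1;              /* include the terminating NUL */
    list_t *n = malloc(sizeof(list_t) + len);
    if (n == NULL)
        return NULL;
    n->next = NULL;
    n->text = (char *)(n + 1);               /* first byte past the header */
    memcpy(n->text, s, len);
    return n;
}

int main(void) {
    list_t *n = node_new("Mon Nov 24 21:39:23 2003");  /* constructed sample */
    if (n == NULL)
        return 1;
    printf("buggy offset: %zu, correct offset: %zu, text: %s\n",
           buggy_offset(), fixed_offset_elem(), n->text);
    free(n);
    return 0;
}
```

Building the testcase with `-fsanitize=address` or running it under valgrind reports the out-of-bounds write at the string copy, rather than at the later libc call whose heap data it damaged.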