Bug 142723
| Summary: | bad input to strftime() causes a segfault | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Mindaugas Riauba <mindaugas> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3.0 | | |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2004-12-28 15:16:30 UTC | Type: | --- |
Description
Mindaugas Riauba
2004-12-13 12:27:46 UTC
We need a self-contained testcase that reproduces this.

```c
#include <time.h>
#include <sys/time.h>
#include <string.h>

/* Format the epoch value tim as "dd-Mon-yy HH:MM" into dt. */
char *bstrftime_nc(char *dt, int maxlen, unsigned long tim)
{
  time_t ttime = (time_t)tim;
  struct tm tm;
  localtime_r(&ttime, &tm);
  strftime(dt, maxlen, "%d-%b-%Y %H:%M", &tm);
  /* Drop the century digits: copies dt+9 onto dt+7 (the regions overlap). */
  strcpy(dt+7, dt+9);
  return dt;
}

int main (void)
{
  char dt[50];
  bstrftime_nc(dt, 50, 704);
  return 0;
}
```

certainly works on RHEL3 U4/x86_64. Even `disas 0x0000002a95e24c05 0x0000002a95e24c05+32` (or whatever address the segfault happens at) plus `rpm -qf /lib64/libc-2.3.2.so` output would be helpful, given that in glibc-2.3.2-95.27.x86_64.rpm's /lib64/libc.so.6 that address points into the middle of another instruction.

```
$ rpm -qf /lib64/libc-2.3.2.so
glibc-2.3.2-95.30
```

And which rpm does disas belong to?

disas is a gdb command (shorthand for disassemble). *c05 is not the start of an instruction in glibc-2.3.2-95.30's strftime either. Is the `#4 0x0000002a95e24c05 in strftime () from /lib64/libc.so.6` segfault address really what you get with the U4 glibc? If you can reproduce the segfault, please run the program under gdb and, when it reports a segfault, run `disas $pc $pc+32` and post the output here.

The problem is that I cannot reproduce the problem any more. You can view the initial conversation here: http://bugs.bacula.org/bug_view_advanced_page.php?bug_id=0000200

My RHES installation I believe was U3 then. Also, the daemon which crashed was run with LD_ASSUME_KERNEL=2.4.19 in the environment.

In that case I'm afraid there is nothing to do about this. If you manage to reproduce it in the future, please try to grab more details and reopen the bug with it.