Bug 431832
| Summary: | sscanf() crashes when using the %as format | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sergei Poselenov <sposelenov> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | CC: | drepper |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-03-13 03:04:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is fixed in rawhide. |
Description of problem: Summary say it all Version-Release number of selected component (if applicable): glibc-2.7-2 How reproducible: Easily Steps to Reproduce: The failed program: #include <stdio.h> main() { char *path = NULL, *line; int nbargs; line = " "; nbargs = sscanf (line, "%as", &path); printf("nbargs %d\n", nbargs); } 1. gcc -o t t.c 2. ./t 3. Actual results: *** glibc detected *** ./t: double free or corruption (out): 0xbfc4e1e0 *** ======= Backtrace: ========= /lib/libc.so.6[0xcefac1] /lib/libc.so.6(cfree+0x90)[0xcf30f0] /lib/libc.so.6(_IO_vfscanf+0x906)[0xcd0b66] /lib/libc.so.6(vsscanf+0x91)[0xce10c1] /lib/libc.so.6(_IO_sscanf+0x2e)[0xcdbdae] ./t[0x804842d] /lib/libc.so.6(__libc_start_main+0xe0)[0xc9c390] ./t[0x8048341] ======= Memory map: ======== 00110000-00111000 r-xp 00110000 00:00 0 [vdso] 001bb000-001d6000 r-xp 00000000 fd:00 6876214 /lib/ld-2.7.so 001d6000-001d7000 r-xp 0001a000 fd:00 6876214 /lib/ld-2.7.so 001d7000-001d8000 rwxp 0001b000 fd:00 6876214 /lib/ld-2.7.so 00c86000-00dd9000 r-xp 00000000 fd:00 6876215 /lib/libc-2.7.so 00dd9000-00ddb000 r-xp 00153000 fd:00 6876215 /lib/libc-2.7.so 00ddb000-00ddc000 rwxp 00155000 fd:00 6876215 /lib/libc-2.7.so 00ddc000-00ddf000 rwxp 00ddc000 00:00 0 04ca9000-04cb4000 r-xp 00000000 fd:00 6876239 /lib/libgcc_s-4.1.2-20070925.so.1 04cb4000-04cb5000 rwxp 0000a000 fd:00 6876239 /lib/libgcc_s-4.1.2-20070925.so.1 08048000-08049000 r-xp 00000000 fd:00 6710944 /root/t 08049000-0804a000 rw-p 00000000 fd:00 6710944 /root/t 08181000-081a2000 rw-p 08181000 00:00 0 b7e00000-b7e21000 rw-p b7e00000 00:00 0 b7e21000-b7f00000 ---p b7e21000 00:00 0 b7faa000-b7fac000 rw-p b7faa000 00:00 0 bfc3a000-bfc4f000 rw-p bffea000 00:00 0 [stack] Aborted Expected results: "nbargs -1" Additional info: Known to work on FC-6, F-7, glibc-2.6 (powerpc port).