From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
// following code compiled with
// gcc -g -O3 -ansi -pedantic -save-temps test.c
// causes:
// Program received signal SIGSEGV, Segmentation fault.
// 0x0040d130 in initstate_r () from /lib/tls/libc.so.6
#define _GNU_SOURCE   /* strfry() is a GNU extension; needed for its prototype under -ansi */
#include <stdio.h>
#include <string.h>

int main()
{
  char s[255];
  sprintf(s, "%s", "ala ma kota");
  strfry(s);
  return 0;
}

Version-Release number of selected component (if applicable):
libc-2.3.5.so

How reproducible:
Always

Steps to Reproduce:
1. compile the program from the description
2. run a.out
3.

Additional info:
> gcc -v
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
*** Bug 154505 has been marked as a duplicate of this bug. ***
This ought to be fixed by http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5
(In reply to comment #2)
> This ought to be fixed by
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5

The last patch added to that bug report (glibc-2.3.4-fix-initstate_r.patch) has an extra check to ensure buf->state is non-NULL before saving the state. This extra check doesn't seem to have made it into glibc 2.3.5, and so I get the following backtrace with the above test app:

Program received signal SIGSEGV, Segmentation fault.
__initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4) at random_r.c:252
252       old_state[-1] = TYPE_0;
(gdb) bt
#0  __initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4) at random_r.c:252
#1  0x002fab5c in strfry (string=0xbffff570 "ala ma kota") at strfry.c:35
#2  0x080483a1 in main () at test.c:9
(gdb) p old_state
$1 = (int32_t *) 0x0
(gdb) p buf->state
$2 = (int32_t *) 0x0

This is with glibc-2.3.5-0.fc3.1
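Added here as an illustration, not code from glibc or from this bug report: a simplified C model of the state-saving step at random_r.c:252 in the backtrace above. The struct and function names, the encoding of the saved word and the return values are assumptions; the `old_state != NULL` check is the one the comment says the patch adds, and skipping the save when a never-initialised struct arrives (buf->state is 0x0 in the gdb output) is what avoids the write through a NULL pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_TYPES 5   /* assumed constants, in the spirit of glibc's TYPE_0..TYPE_4 */
#define TYPE_0    0
#define TYPE_1    1
struct model_random_data {           /* assumed layout, not glibc's struct random_data */
    int32_t *state;                  /* NULL until the first successful initialisation */
    int32_t *rptr;                   /* current read position inside state */
    int      rand_type;
};
/* Word 0 of arg_state is the save slot written later via old_state[-1]. 0 = ok, -1 = too small. */
static int model_initstate_r(int32_t *arg_state, size_t n,
                             struct model_random_data *buf)
{
    int32_t *old_state = buf->state;
    if (n < 2) return -1;
    if (old_state != NULL) {         /* the added check: a zeroed buf has no slot to write */
        if (buf->rand_type == TYPE_0)
            old_state[-1] = TYPE_0;
        else
            old_state[-1] = (int32_t)(MAX_TYPES * (buf->rptr - old_state)) + buf->rand_type;
    }
    buf->state     = &arg_state[1];
    buf->rptr      = buf->state;
    buf->rand_type = (n >= 8) ? TYPE_1 : TYPE_0;
    return 0;
}
/* Switch back to a previously used buffer by decoding its save slot. */
static void model_setstate_r(int32_t *arg_state, struct model_random_data *buf)
{
    int32_t saved  = arg_state[0];
    buf->state     = &arg_state[1];
    buf->rand_type = saved % MAX_TYPES;
    buf->rptr      = buf->state + saved / MAX_TYPES;
}
/* The report's scenario: a zeroed struct (state == 0x0, as gdb showed), then a switch
 * to a second buffer, then a restore of the first. Returns the restored offset (7). */
static long model_demo(void)
{
    struct model_random_data rd;
    int32_t bufa[32], bufb[32];
    memset(&rd, 0, sizeof rd);
    if (model_initstate_r(bufa, 32, &rd) != 0) return -1;  /* no old state: save skipped */
    rd.rptr += 7;                                          /* pretend 7 words were consumed */
    if (model_initstate_r(bufb, 32, &rd) != 0) return -1;  /* saves A's type+offset in bufa[0] */
    model_setstate_r(bufa, &rd);
    return (long)(rd.rptr - rd.state);
}
```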
The fix was committed to glibc CVS on April 12th, so it is not in any glibc rpm yet.
Should be fixed in glibc-2.3.5-1 in rawhide.