bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using systemd-249's libnss_systemd.so.2 triggers a crash in bash-5.1

From: Andreas Schwab
Subject: Re: Using systemd-249's libnss_systemd.so.2 triggers a crash in bash-5.1's malloc.c
Date: Tue, 05 Oct 2021 00:15:32 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) 
On Okt 04 2021, Chet Ramey wrote:

> You'd think. This is the kind of overflow that will produce that error
> message from the bash malloc:

Only after the fact.  valgrind finds it before it is happening, and even
if the overflow hits a padding between memory blocks.

$ valgrind ./a.out 
==31974== Memcheck, a memory error detector
==31974== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==31974== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==31974== Command: ./a.out
==31974== 
==31974== Invalid write of size 1
==31974==    at 0x4006CB: main (in /home/andreas/a.out)
==31974==  Address 0x5213068 is 0 bytes after a block of size 40 alloc'd
==31974==    at 0x4C312EF: malloc (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31974==    by 0x40068F: main (in /home/andreas/a.out)
==31974== 
==31974== Invalid write of size 1
==31974==    at 0x4006ED: main (in /home/andreas/a.out)
==31974==  Address 0x521318a is 0 bytes after a block of size 218 alloc'd
==31974==    at 0x4C338CF: realloc (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31974==    by 0x4006DE: main (in /home/andreas/a.out)

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."
reply via email to
[Prev in Thread] Current Thread [Next in Thread]