Re: heap-use-after-free in rpl

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heap-use-after-free in rpl_glob

From:	Paul Eggert
Subject:	Re: heap-use-after-free in rpl_glob
Date:	Fri, 17 Jan 2020 11:52:28 -0800
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

On 1/17/20 9:00 AM, Bruno Haible wrote:

Thank you very much for this report! I expect that the fix will also need
to go into glibc.


Yes, thanks, I filed a bug report here:

https://sourceware.org/bugzilla/show_bug.cgi?id=25414

It seems that your patch is incomplete, as there's a memory leak in theunlikely case that the malloc call fails. Something like the attachedpatch instead, perhaps?

0001-glob-Fix-use-after-free-bug.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

heap-use-after-free in rpl_glob, Tim Rühsen, 2020/01/17
- Re: heap-use-after-free in rpl_glob, Bruno Haible, 2020/01/17
  - Re: heap-use-after-free in rpl_glob, Tim Rühsen, 2020/01/17
  - Re: heap-use-after-free in rpl_glob, Paul Eggert <=
    - Re: heap-use-after-free in rpl_glob, Bruno Haible, 2020/01/17

Prev by Date: Re: heap-use-after-free in rpl_glob
Next by Date: Re: heap-use-after-free in rpl_glob
Previous by thread: Re: heap-use-after-free in rpl_glob
Next by thread: Re: heap-use-after-free in rpl_glob
Index(es):
- Date
- Thread