Bug#453408: marked as done (libc6: sscanf dies on an empty string if %as is used)

Wed, 19 Dec 2007 11:00:56 -0800 

Your message dated Wed, 19 Dec 2007 18:32:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#453408: fixed in glibc 2.7-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: libc6
Version: 2.7-2
Severity: normal

the following code can show you that sscanf() on empty string gets
invalid pointer if %as is used.

        #include <stdio.h>
        
        int main()
        {
                char *buf = "";
                char *str;
        
                sscanf (buf, "%as", &str);
                printf("%s\n", str);
        
                return 0;
        }

a backtrace is below. Hope I'm not doing anything stupid.

regards,
-- 
           yashi


(gdb) r
Starting program: /tmp/a.out 
*** glibc detected *** /tmp/a.out: munmap_chunk(): invalid pointer: 
0x00007fff5f9a89b0 ***
======= Backtrace: =========
/usr/lib/debug/libc.so.6(cfree+0x1b6)[0x2b614b395d06]
/usr/lib/debug/libc.so.6(_IO_vfscanf+0x239f)[0x2b614b37329f]
/usr/lib/debug/libc.so.6(vsscanf+0x75)[0x2b614b383c85]
/usr/lib/debug/libc.so.6(_IO_sscanf+0x88)[0x2b614b37e8b8]
/tmp/a.out[0x40050f]
/usr/lib/debug/libc.so.6(__libc_start_main+0xf4)[0x2b614b33c1c4]
/tmp/a.out[0x400459]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:21 1457336                            
/tmp/a.out
00600000-00601000 rw-p 00000000 08:21 1457336                            
/tmp/a.out
00601000-00622000 rw-p 00601000 00:00 0                                  [heap]
2b614b100000-2b614b11d000 r-xp 00000000 08:21 292480                     
/lib/ld-2.7.so
2b614b11d000-2b614b120000 rw-p 2b614b11d000 00:00 0 
2b614b31c000-2b614b31e000 rw-p 0001c000 08:21 292480                     
/lib/ld-2.7.so
2b614b31e000-2b614b472000 r-xp 00000000 08:21 23996                      
/usr/lib/debug/libc-2.7.so
2b614b472000-2b614b672000 ---p 00154000 08:21 23996                      
/usr/lib/debug/libc-2.7.so
2b614b672000-2b614b676000 r--p 00154000 08:21 23996                      
/usr/lib/debug/libc-2.7.so
2b614b676000-2b614b677000 rw-p 00158000 08:21 23996                      
/usr/lib/debug/libc-2.7.so
2b614b677000-2b614b67d000 rw-p 2b614b677000 00:00 0 
2b614b693000-2b614b6a9000 r-xp 00000000 08:21 31449                      
/lib/libgcc_s.so.1
2b614b6a9000-2b614b8a8000 ---p 00016000 08:21 31449                      
/lib/libgcc_s.so.1
2b614b8a8000-2b614b8a9000 rw-p 00015000 08:21 31449                      
/lib/libgcc_s.so.1
7fff5f995000-7fff5f9aa000 rw-p 7fff5f995000 00:00 0                      [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vdso]

Program received signal SIGABRT, Aborted.
0x00002b614b34ffd5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
(gdb) bt
#0  0x00002b614b34ffd5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00002b614b351a30 in *__GI_abort () at abort.c:88
#2  0x00002b614b38aa8b in __libc_message (do_abort=2, 
    fmt=0x2b614b4458e8 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00002b614b395d06 in *__GI___libc_free (mem=<value optimized out>) at 
malloc.c:5891
#4  0x00002b614b37329f in _IO_vfscanf_internal (s=0x7fff5f9a8f30, format=<value 
optimized out>, 
    argptr=0x7fff5f9a9050, errp=0x0) at vfscanf.c:2846
#5  0x00002b614b383c85 in _IO_vsscanf (string=0x40060c "", format=0x40060d 
"%as", 
    args=0x7fff5f9a9050) at iovsscanf.c:45
#6  0x00002b614b37e8b8 in __sscanf (s=0x476e <Address 0x476e out of bounds>, 
    format=0x476e <Address 0x476e out of bounds>) at sscanf.c:34
#7  0x000000000040050f in main () at scanf-bug.c:8
(gdb) 






-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                 1:4.3-20070930-1 GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/restart-failed:
  glibc/restart-services:

--- End Message ---
--- Begin Message --- 
Source: glibc
Source-Version: 2.7-5

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.7-5_all.deb
  to pool/main/g/glibc/glibc-doc_2.7-5_all.deb
glibc_2.7-5.diff.gz
  to pool/main/g/glibc/glibc_2.7-5.diff.gz
glibc_2.7-5.dsc
  to pool/main/g/glibc/glibc_2.7-5.dsc
libc6-dbg_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-dbg_2.7-5_amd64.deb
libc6-dev-i386_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-dev-i386_2.7-5_amd64.deb
libc6-dev_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-dev_2.7-5_amd64.deb
libc6-i386_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-i386_2.7-5_amd64.deb
libc6-pic_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-pic_2.7-5_amd64.deb
libc6-prof_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6-prof_2.7-5_amd64.deb
libc6-udeb_2.7-5_amd64.udeb
  to pool/main/g/glibc/libc6-udeb_2.7-5_amd64.udeb
libc6_2.7-5_amd64.deb
  to pool/main/g/glibc/libc6_2.7-5_amd64.deb
libnss-dns-udeb_2.7-5_amd64.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.7-5_amd64.udeb
libnss-files-udeb_2.7-5_amd64.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.7-5_amd64.udeb
locales-all_2.7-5_amd64.deb
  to pool/main/g/glibc/locales-all_2.7-5_amd64.deb
locales_2.7-5_all.deb
  to pool/main/g/glibc/locales_2.7-5_all.deb
nscd_2.7-5_amd64.deb
  to pool/main/g/glibc/nscd_2.7-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <[EMAIL PROTECTED]> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 19 Dec 2007 01:22:06 +0100
Source: glibc
Binary: libc0.1-prof libc6.1-alphaev67 libc6-dev-amd64 locales-all libc6-i686 
libc6-dev-ppc64 libc0.3-pic glibc-doc libc0.3 libc6-dev-mipsn32 libc0.1-i686 
libc0.1-i386 libc6-mips64 libc6.1-dev libc6-s390x libnss-files-udeb 
libc0.1-dev-i386 libc6-dev-sparc64 libc6-i386 libc0.3-dev libc6-udeb libc6-dbg 
libc6.1-pic libc6-dev libc0.3-prof libc0.1-udeb libc6-dev-i386 libc6.1-prof 
libc6-mipsn32 libc0.1-dev locales libc6-pic libc0.3-udeb libc6-dev-powerpc 
libc0.1-pic libc6-ppc64 libc0.3-dbg libc0.1-dbg libc6-amd64 libc0.1 libc6-prof 
libc6-xen libc6-dev-mips64 libc6-powerpc libc6 libc6-sparcv9b libc6.1-udeb 
libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc6-dev-s390x
Architecture: source amd64 all
Version: 2.7-5
Distribution: unstable
Urgency: low
Maintainer: Aurelien Jarno <[EMAIL PROTECTED]>
Changed-By: Aurelien Jarno <[EMAIL PROTECTED]>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc6      - GNU C Library: Shared libraries
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 453408 453899 455603 455783 456260 456779
Changes: 
 glibc (2.7-5) unstable; urgency=low
 .
   [ Aurelien Jarno ]
   * Moved merged parts of patches/any/submitted-sched_h.diff into
     patches/any/cvs-sched_h.diff.
   * patches/any/cvs-ether_line.diff: new patch from upstream to fix
     ether_line().  Closes: bug#453899.
   * patches/any/cvs-vfscanf.diff: new patch from upstream to fix
     crash when %as is used with sscanf().  Closes: bug#453408.
   * debian/rules: also set CXX when cross-compiling.
   * patches/any/submitted-malloc_h.diff: removed, replaced by
     patches/any/cvs-wchar_h.diff.
   * debian/sysdeps/depflags.pl: conflict against tzdata (<< 2007j-2) as
     etch now have version 2007j-1etch1.  Closes: bug#455783.
   * debian/sysdeps/depflags.pl: suggests libc6-i686 on i386 architecture.
     Closes: bug#455603.
   * any/submitted-rfc3484-labels.diff: new patch to fix RFC 3484 default
     label ordering.  Closes: bug#456779.
   * patches/alpha/local-dl-procinfo.diff: add missing part.  Closes:
     bug#456260.
 .
   [ Petr Salinger]
   * kfreebsd/local-sysdeps.diff: update to revision 2082 (from glibc-bsd).
   * any/cvs-fchmodat.diff: properly declare as stub - needed by GNU/kFreeBSD.
 .
   [ Samuel Thibault]
   * patches/hurd-i386/submitted-ioctl-unsigned-size_t.diff: update to also
     handle unsigned char/int/short/long and ssize_t.
Files: 
 361dd96941a59f2aef46bb9ad9ba3ee6 2072 libs required glibc_2.7-5.dsc
 0011d41ff261625c1754af61040c64a3 675390 libs required glibc_2.7-5.diff.gz
 975f3462f7d8774f2a81aaa8c0fc60f5 1623962 doc optional glibc-doc_2.7-5_all.deb
 5abfe8de9c1edaffc49e5273a0cfb321 4486002 libs standard locales_2.7-5_all.deb
 2d70d766d5c721c3486071635344e263 4992748 libs required libc6_2.7-5_amd64.deb
 ebf51cbd7a6f29c0a2fadf2a98469218 2530166 libdevel optional 
libc6-dev_2.7-5_amd64.deb
 884738826550a7bbe3e80ec562e94bff 1961766 libdevel extra 
libc6-prof_2.7-5_amd64.deb
 77a6841b1962ed27e3a453d93048d889 1481630 libdevel optional 
libc6-pic_2.7-5_amd64.deb
 541ac14a7f00ef0916e5f2be5ab12444 2730022 libs extra locales-all_2.7-5_amd64.deb
 398e6f6a56d4398bc55aabb3cebc5054 3735604 libs optional 
libc6-i386_2.7-5_amd64.deb
 7f8d5b40c4cb1cafb43177a9fe062d28 1430482 libdevel optional 
libc6-dev-i386_2.7-5_amd64.deb
 5265a7d9c9b0ac1edb308ddfeb1cc2f6 170498 admin optional nscd_2.7-5_amd64.deb
 a5b657ed998b8f9bd43cc5ff24f06a6e 5317476 libdevel extra 
libc6-dbg_2.7-5_amd64.deb
 8c903d8677e3829c7237ca50e61e6be0 1129200 debian-installer extra 
libc6-udeb_2.7-5_amd64.udeb
 d7d190f4ef4276a128f3360588248c70 9744 debian-installer extra 
libnss-dns-udeb_2.7-5_amd64.udeb
 88126b6ec721be6fb1b377019fd5e068 18012 debian-installer extra 
libnss-files-udeb_2.7-5_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHaVGJw3ao2vG823MRAls+AJ9FC6Kzv1jK5rSRnESBR6O2yeppyACeP7Pt
4djm+On05Bb5rZJRIXAAgS8=
=HVLP
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to