Date:      Mon, 15 Jan 2001 18:20:02 -0800 (PST)
From:      Tor.Egge@fast.no
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/15070: vfprintf/cvt/__dtoa race condition in threaded programs
Message-ID:  <200101160220.f0G2K2q56458@freefall.freebsd.org>

The following reply was made to PR bin/15070; it has been noted by GNATS.

From: Tor.Egge@fast.no
To: wollman@khavrinen.lcs.mit.edu
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/15070: vfprintf/cvt/__dtoa race condition in threaded programs
Date: Tue, 16 Jan 2001 03:11:04 +0100

 This uncovered another old __dtoa() bug.
 
 	*resultp = (char *) malloc(i);
 
 in the patch must be changed to
 
 	*resultp = (char *) malloc(i + 1);
 
 in order to avoid writing beyond the end of the allocated memory.
 Otherwise the sample program
 
 
 	#include <sys/types.h>
 	#include <stdio.h>
 	#include <stdlib.h>
 	
 	int
 	main(int argc,char **argv)
 	{
 	  (void) malloc(4);
 	  printf("%.23e\n", 2.4);
 	
 	  return 0;
 	}
 
 linked with Electric Fence crashes on the i386 platform.
 
 - Tor Egge
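
The overrun described in the message above, reproduced in a form that detects it without a guard-page allocator. This is an added example, not part of the original message or of the FreeBSD `__dtoa()` source: `write_digits()` and `guard_bytes_clobbered()` are hypothetical names, the digit count is constructed, and it assumes the extra byte is needed for a terminating NUL written after `i` characters. Guard bytes placed directly after the usable region stand in for the inaccessible page Electric Fence puts there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  8      /* guard bytes placed directly after the usable region */
#define GUARD_BYTE 0xA5   /* non-zero pattern, so a stray NUL write is visible */

/*
 * Hypothetical stand-in for the digit-producing code: writes `ndigits`
 * characters followed by a terminating NUL, so it needs ndigits + 1 bytes.
 */
static void write_digits(char *buf, size_t ndigits)
{
    for (size_t k = 0; k < ndigits; k++)
        buf[k] = (char)('0' + (k % 10));
    buf[ndigits] = '\0';
}

/*
 * Allocate `size` usable bytes plus GUARD_LEN guard bytes, run the writer,
 * and count how many guard bytes it modified. The overrun lands inside our
 * own allocation, so the check itself never touches memory it does not own.
 * Returns -1 if the allocation fails.
 */
static int guard_bytes_clobbered(size_t size, size_t ndigits)
{
    unsigned char *block = malloc(size + GUARD_LEN);
    int clobbered = 0;

    if (block == NULL)
        return -1;
    memset(block + size, GUARD_BYTE, GUARD_LEN);
    write_digits((char *)block, ndigits);
    for (size_t k = 0; k < GUARD_LEN; k++)
        if (block[size + k] != GUARD_BYTE)
            clobbered++;
    free(block);
    return clobbered;
}

int main(void)
{
    size_t i = 24;  /* constructed digit count, not taken from __dtoa() */

    printf("malloc(i):     %d guard byte(s) overwritten\n", guard_bytes_clobbered(i, i));
    printf("malloc(i + 1): %d guard byte(s) overwritten\n", guard_bytes_clobbered(i + 1, i));
    return 0;
}
```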
 