[Bug 6512] New: Data corruption caused by realloc()
bugzilla at busybox.net
Wed Sep 25 09:01:57 UTC 2013
https://bugs.busybox.net/show_bug.cgi?id=6512
Summary: Data corruption caused by realloc()
Product: uClibc
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P5
Component: Other
AssignedTo: unassigned at uclibc.org
ReportedBy: sss at secomea.com
CC: uclibc-cvs at uclibc.org
Estimated Hours: 0.0
Created attachment 5060
--> https://bugs.busybox.net/attachment.cgi?id=5060
Patch for realloc() data corruption
In some cases data gets corrupted by calling realloc().
This happens when the size of the original memory blob is small (*) and the new
blob is allocated at a different location.
In this case, parts of the original memory don't get copied but will contain
random data.
(*) Specifically, if the original size is exactly 16, 24, or 32 bytes (on
32-bit architectures).
Needless to say, memory corruption can be very hard to track down and cause all
kinds of unpredictable behavior and unreproducible errors (speaking from
experience here), so this is a critical bug.
The attached patch fixes the issue.
Note that while the patch is based on uClibc-0.9.31, the bug is still present
in current (0.9.33.2) uClibc.
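Added example, not part of the bug report or its attached patch: a C regression check that realloc() preserves the first min(old, new) bytes when a small block is relocated, sweeping old sizes that include the 16, 24 and 32 bytes named in the report. The function names, the fill pattern and the neighbouring "blocker" allocation are assumptions made for this illustration; a conforming libc reports zero corrupted cases.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Position-dependent byte, so any offset that was not copied shows up. */
#define PAT(i, seed) ((unsigned char)((seed) * 7u + (i) * 31u + 1u))

/* 0 = first min(old,new) bytes preserved, 1 = corrupted, -1 = out of memory.
 * *moved is set to 1 when realloc() returned a different address. */
int check_realloc_preserves(size_t old_size, size_t new_size, int *moved)
{
    unsigned char *p = malloc(old_size);
    if (!p) return -1;
    for (size_t i = 0; i < old_size; i++) p[i] = PAT(i, old_size);
    /* A live neighbour makes in-place growth unlikely, so the copy path runs. */
    void *blocker = malloc(old_size);
    uintptr_t before = (uintptr_t)p;
    unsigned char *q = realloc(p, new_size);
    if (!q) { free(p); free(blocker); return -1; }
    *moved = ((uintptr_t)q != before);
    size_t keep = old_size < new_size ? old_size : new_size;
    int bad = 0;
    for (size_t i = 0; i < keep; i++)
        if (q[i] != PAT(i, old_size)) bad = 1;
    free(q); free(blocker);
    return bad;
}

/* Sweep old sizes 1..max_old (covers 16, 24 and 32); returns corrupted count. */
int sweep_small_sizes(size_t max_old, size_t new_size, int *moved_count)
{
    int corrupted = 0;
    *moved_count = 0;
    for (size_t n = 1; n <= max_old; n++) {
        int moved = 0;
        if (check_realloc_preserves(n, new_size, &moved) == 1) {
            corrupted++;
            printf("corrupted: old size %zu\n", n);
        }
        *moved_count += moved;
    }
    return corrupted;
}

int main(void)
{
    int moved = 0, bad = sweep_small_sizes(64, 4096, &moved);
    printf("%d corrupted, %d relocated\n", bad, moved);
    return bad != 0;
}
```

Build it against the libc under test and run it on the target; a non-zero exit status means at least one old size lost data across the move.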