Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Dec 2013 19:17:49 +0000 (UTC)
From: David Wuertele <dave+gmane@...rtele.com>
To: musl@...ts.openwall.com
Subject: Re: NULL deref SEGV in malloc.c:unbin()

I found the root cause of the SEGV, I was calling closedir() on the
same dir pointer twice (quite some time before the SEGV).

I assume that the behavior of closedir() is undefined when used this
way, so my program now makes sure not to do that.

But it seems a poor implementation that a double call to closedir
should result in memory corruption, and it seems a bug in malloc()
that a closedir/opendir sequence can cause it to SEGV.

I tried to reduce my program to just this behavior so that I could
give you a test case, but the SEGV did not occur with just the
opendir/closedir sequence my program calls.

Dave


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.