This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/968] New: Integer overflow in strxfrm_l.c

From: "barbier at linuxfr dot org" <sourceware-bugzilla at sources dot redhat dot com>
To: glibc-bugs at sources dot redhat dot com
Date: 24 May 2005 21:02:14 -0000
Subject: [Bug libc/968] New: Integer overflow in strxfrm_l.c
Reply-to: sourceware-bugzilla at sources dot redhat dot com

libc/string/strxfrm_l.c contains the following lines:
   /* Handle the pushed elements now.  */
   size_t backw;
   for (backw = idxcnt - 1; backw >= backw_stop; --backw)

If backw_stop is 0. the end test never fails.

This never happens in practice because localedef is broken
(see BZ#645) and stores a single
  order_start forward;forward;forward;forward,position
rule, and hence the backward directive is never processed.
But this bug arises when the patch sent to BZ#645 is applied.

-- 
           Summary: Integer overflow in strxfrm_l.c
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: barbier at linuxfr dot org
                CC: glibc-bugs at sources dot redhat dot com
OtherBugsDependingO 645
             nThis:


http://sources.redhat.com/bugzilla/show_bug.cgi?id=968

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Follow-Ups:
- [Bug libc/968] Integer overflow in strxfrm_l.c
  - From: barbier at linuxfr dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]