This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/3082] New: fopen corrupts file name buffer when file name is 44 chars long
- From: "jlange6648 at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 17 Aug 2006 18:00:38 -0000
- Subject: [Bug libc/3082] New: fopen corrupts file name buffer when file name is 44 chars long
- Reply-to: sourceware-bugzilla at sourceware dot org
Calling fopen on a char* buffer that has been malloc'd and copied into using
strcpy corrupts the buffer, and uses the wrong file name when the string is 44
chars long.
This does not happen if the string is 43 or 45 chars long, or if the buffer
hasn't been malloc'd and copied into.
The following program demonstrates the flaw.
I have made this fail on Fedora Core 4 (x86) and Gentoo 2005.1 (x86); however, on
SuSE 10.1 x86_64 it does not fail.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *NAME="12345678901234567890123456789012345678901234";

int main(int argc, char** argv)
{
    char *filename=NULL;
    FILE * file;

    filename = (char*)malloc(strlen(NAME) * sizeof(char));
    strcpy(filename, NAME);
    printf("filename before: %s\n",filename);
    file = fopen((const char*)filename, "w");
    printf("filename after: %s\n",filename);
    if(file == NULL)
    {
        perror("fopen");
        exit(1);
    }
    fclose(file);
    free(filename);
    exit(0);
}
--
Summary: fopen corrupts file name buffer when file name is 44
chars long
Product: glibc
Version: 2.3.6
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: jlange6648 at gmail dot com
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=3082
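
Added example, not part of the original report or of glibc: the reproducer requests strlen(NAME) bytes while strcpy writes strlen(NAME) + 1, so this sketch checks where the terminating NUL lands for the lengths and platforms named in the report. It assumes glibc's usual chunk rounding (request plus one size_t, rounded up to a multiple of 2 * sizeof(size_t)); the function names usable_size, overflow_bytes and dup_name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model of glibc malloc's request-to-chunk rounding.
 * size_sz is sizeof(size_t) on the target: 4 on i386, 8 on x86_64. */
static size_t usable_size(size_t req, size_t size_sz)
{
    size_t mask = 2 * size_sz - 1;          /* chunk alignment mask */
    size_t min_chunk = 4 * size_sz;         /* smallest chunk handed out */
    size_t chunk = (req + size_sz + mask) & ~mask;
    if (chunk < min_chunk)
        chunk = min_chunk;
    return chunk - size_sz;                 /* bytes the caller may use */
}

/* Bytes strcpy() writes past the usable area when the buffer came from
 * malloc(strlen(s)): the string needs len + 1 bytes including the NUL. */
static size_t overflow_bytes(size_t len, size_t size_sz)
{
    size_t usable = usable_size(len, size_sz);
    return len + 1 > usable ? len + 1 - usable : 0;
}

/* Allocation that leaves room for the terminator (hypothetical helper). */
static char *dup_name(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

int main(void)
{
    for (size_t len = 43; len <= 45; len++)
        printf("len %zu: i386 writes %zu byte(s) past the chunk, x86_64 %zu\n",
               len, overflow_bytes(len, 4), overflow_bytes(len, 8));
    char *name = dup_name("12345678901234567890123456789012345678901234");
    if (name == NULL)
        return 1;
    printf("copied %zu chars plus NUL\n", strlen(name));
    free(name);
    return 0;
}
```

Under this model only the 44-character case on a 32-bit target puts the NUL outside the allocation; at 43 and 45 characters, and at all three lengths on x86_64, rounding slack absorbs it.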