[Bug 1259656] [NEW] bc uses uninitialized memory
Kees Cook
kees at ubuntu.com
Tue Dec 10 19:23:09 UTC 2013
Public bug reported:
This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255 fixed in
later package versions:
bc depends on uninitialized mem:
echo "e(1)" | MALLOC_PERTURB_=1 bc -l
echo "e(1)" | MALLOC_PERTURB_=0 bc -l
2.71828182845904523536
This fixes it:
--- storage.c.orig 2010-12-21 19:43:14.663540110 +0000
+++ storage.c 2010-12-21 19:42:01.392540111 +0000
@@ -99,6 +99,7 @@
{
f = &functions[indx];
f->f_defined = FALSE;
+ f->f_void = FALSE;
f->f_body = (char *) bc_malloc (BC_START_SIZE);
f->f_body_size = BC_START_SIZE;
f->f_code_size = 0;
IMPACT:
"bc" mathlib routines fail when running under the MALLOC_PERTURB_ environment used by some paranoid people.
TEST CASE:
The command 'echo "e(1)" | MALLOC_PERTURB_=1 bc -l' should return '2.71828182845904523536' instead of nothing.
REGRESSION POTENTIAL:
Extremely low -- this fix is included in later package versions and fixes the problem.
** Affects: bc (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: bc (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: bc (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #608255
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255
** Also affects: bc via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255
Importance: Unknown
Status: Unknown
** No longer affects: bc
** Also affects: bc (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255
Importance: Unknown
Status: Unknown
** Also affects: bc (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: bc (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bc in Ubuntu.
https://bugs.launchpad.net/bugs/1259656
Title:
bc uses uninitialized memory
Status in “bc” package in Ubuntu:
Fix Released
Status in “bc” source package in Precise:
New
Status in “bc” package in Debian:
Unknown
Bug description:
This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608255 fixed
in later package versions:
bc depends on uninitialized mem:
echo "e(1)" | MALLOC_PERTURB_=1 bc -l
echo "e(1)" | MALLOC_PERTURB_=0 bc -l
2.71828182845904523536
This fixes it:
--- storage.c.orig 2010-12-21 19:43:14.663540110 +0000
+++ storage.c 2010-12-21 19:42:01.392540111 +0000
@@ -99,6 +99,7 @@
{
f = &functions[indx];
f->f_defined = FALSE;
+ f->f_void = FALSE;
f->f_body = (char *) bc_malloc (BC_START_SIZE);
f->f_body_size = BC_START_SIZE;
f->f_code_size = 0;
IMPACT:
"bc" mathlib routines fail when running under the MALLOC_PERTURB_ environment used by some paranoid people.
TEST CASE:
The command 'echo "e(1)" | MALLOC_PERTURB_=1 bc -l' should return '2.71828182845904523536' instead of nothing.
REGRESSION POTENTIAL:
Extremely low -- this fix is included in later package versions and fixes the problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1259656/+subscriptions
More information about the foundations-bugs
mailing list