[Bug 4964] New: segfault freeing uninitialized memory

bugzilla at busybox.net bugzilla at busybox.net
Wed Mar 21 18:41:15 UTC 2012


https://bugs.busybox.net/show_bug.cgi?id=4964

           Summary: segfault freeing uninitialized memory
           Product: uClibc
           Version: 0.9.32
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Locales
        AssignedTo: unassigned at uclibc.org
        ReportedBy: exnadler at gmail.com
                CC: uclibc-cvs at uclibc.org
   Estimated Hours: 0.0


I'm using the live555 library to stream H.264 video on an embedded Linux
system.  Using the live555 testOnDemandRTSPServer function I get a segfault
starting to stream H.264 video to VLC.

I've patched the error as I see it.  It looks to me like the base structure is
not fully initialized with 0 (only a subset of the structure is initialized).
This later results in a free of base->collate.index2weight in _locale_set_l.
This free tries to free uninitialized memory and segfaults.  My patch fully
zeros out the structure.

It doesn't appear that this code is changed in the current git tip from the
0.9.32 version I am using and tested with.

Note that this patch avoids the segfault.  However, my guess is that there
might still be some code in this area which is not working.  Looking at the GNU
C library it initializes the structure with the C locale if no other locale is
specified.

--- uClibc-0.9.32/libc/misc/locale/locale.c    2011-06-08 14:35:20.000000000
-0500
+++ uClibc-0.9.32-modified/libc/misc/locale/locale.c    2012-03-18
15:23:09.000000000 -0500
@@ -1295,6 +1295,7 @@
         base = malloc(sizeof(struct __uclibc_locale_struct));
         if (base == NULL)
             return base;
+                memset(base, 0, sizeof(struct __uclibc_locale_struct));
         _locale_init_l(base);
     }
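Review bot: the added `memset` line is indented with 16 spaces while the surrounding lines in the hunk use 8; reindent it to match. Since the object is allocated on the line just above, `base = calloc(1, sizeof(struct __uclibc_locale_struct));` would replace both the `malloc` and the `memset` in one call. Zeroing makes the later `free(base->collate.index2weight)` in `_locale_set_l` safe (free of a null pointer is a no-op) but, as the report itself notes, does not give the fields valid C-locale contents; `_locale_init_l` should be reviewed to confirm it initializes every field that `_locale_set_l` later reads or frees.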

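An added example, not code from the report or from uClibc, that models the pattern the report describes on a hypothetical reduced struct: an object that malloc returns with stale contents and that is only partially initialized, a later path that frees one of its pointer fields, and beside it the fully zeroed allocation the patch introduces.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reduced stand-in for the locale object: the bug only needs a
 * heap pointer that a later "set" path frees before installing a new table. */
struct locale_model {
    char name[16];           /* the part the buggy path does initialize */
    uint16_t *index2weight;  /* left indeterminate by the buggy path */
};

/* Buggy pattern: malloc hands back whatever the previous owner left behind.
 * The 0xA5 fill simulates recycled heap contents so the demo is deterministic. */
struct locale_model *locale_alloc_partial(void)
{
    struct locale_model *b = malloc(sizeof *b);
    if (b == NULL)
        return NULL;
    memset(b, 0xA5, sizeof *b);   /* simulated stale heap data */
    strcpy(b->name, "C");         /* only a subset of the fields is set */
    return b;
}

/* Fixed pattern, equivalent to the memset in the report: zero the whole
 * object before the partial initialization runs. */
struct locale_model *locale_alloc_zeroed(void)
{
    struct locale_model *b = malloc(sizeof *b);
    if (b == NULL)
        return NULL;
    memset(b, 0, sizeof *b);      /* every pointer field is now NULL */
    strcpy(b->name, "C");
    return b;
}

/* free(NULL) is a no-op; free() of an indeterminate pointer is undefined
 * behaviour and segfaults in practice, so this is the precondition to check. */
int locale_weights_freeable(const struct locale_model *b)
{
    return b->index2weight == NULL;
}

/* Mirrors the later set path: release the old table, install a new one.
 * Returns 1 on success; only safe on objects that pass the check above. */
int locale_install_weights(struct locale_model *b, size_t n)
{
    free(b->index2weight);
    b->index2weight = calloc(n, sizeof *b->index2weight);
    return b->index2weight != NULL;
}
```

The partially initialized object must never reach the install path; only its container may be released.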