FS#22245 - [bc] uses uninitialized memory

Attached to Project: Arch Linux
Opened by Pádraig Brady (pixelbeat) - Wednesday, 29 December 2010, 10:41 GMT
Last edited by Ronald van Haren (pressh) - Wednesday, 29 December 2010, 12:42 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Ronald van Haren (pressh)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Package: bc
Version: 1.06-7
Tags: patch

bc depends on uninitialized mem:

echo "e(1)" | MALLOC_PERTURB_=1 bc -l
echo "e(1)" | MALLOC_PERTURB_=0 bc -l
2.71828182845904523536

This fixes it:

--- storage.c.orig 2010-12-21 19:43:14.663540110 +0000
+++ storage.c 2010-12-21 19:42:01.392540111 +0000
@@ -99,6 +99,7 @@
{
f = &functions[indx];
f->f_defined = FALSE;
+ f->f_void = FALSE;
f->f_body = (char *) bc_malloc (BC_START_SIZE);
f->f_body_size = BC_START_SIZE;
f->f_code_size = 0;
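Review bot: the context lines of this hunk have lost their leading space (`{`, `f = &functions[indx];` and the following lines should each begin with one space, as `diff -u` emits them), so `patch` will reject the hunk as pasted here; attaching the file or re-exporting it would avoid that. The one-line change itself sits in the right place: `f->f_void` is initialized in the same slot-setup block as `f->f_defined`, so a freshly allocated function slot no longer carries whatever the allocator left behind, which is exactly what `MALLOC_PERTURB_=1` exposed.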

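The mechanism behind the reproduction above, as an added example that is not bc's own code: a function slot whose `f_void` flag is set only after the patch, allocated through a small allocator that simulates glibc's MALLOC_PERTURB_ fill (fresh chunks are filled with the perturb byte XOR 0xff). The struct layout and the helper names are assumptions for illustration; only the two field names come from the hunk.

```c
/* Added example (not bc's code): why a partly initialized slot works with
 * a zero-filled heap but breaks under MALLOC_PERTURB_. Field names mirror
 * the hunk above; the struct layout and helpers are assumptions. */
#include <stdlib.h>
#include <string.h>

#define FALSE 0
#define TRUE 1

typedef struct {
    unsigned char f_defined; /* written by both versions of the setup code */
    unsigned char f_void;    /* never written before the patch */
    char *f_body;
} bc_function;

/* Simulated MALLOC_PERTURB_: perturb == 0 models a fresh, zero-filled heap;
 * any other value fills the new chunk with (perturb ^ 0xff), the pattern
 * glibc uses for newly allocated memory when MALLOC_PERTURB_ is set. */
static void *perturb_malloc(size_t n, int perturb)
{
    void *p = malloc(n);
    if (p)
        memset(p, perturb ? (perturb ^ 0xff) & 0xff : 0, n);
    return p;
}

/* Slot setup before the patch: f_void is left as the allocator gave it. */
static void setup_before(bc_function *f)
{
    f->f_defined = FALSE;
}

/* Slot setup after the patch: f_void is initialized next to f_defined. */
static void setup_after(bc_function *f)
{
    f->f_defined = FALSE;
    f->f_void = FALSE;
}

/* What the interpreter would read from f_void of a fresh slot, for a given
 * perturb value, with (fixed != 0) or without the patch applied. */
int observed_f_void(int perturb, int fixed)
{
    bc_function *f = perturb_malloc(sizeof *f, perturb);
    if (!f)
        return -1;
    if (fixed)
        setup_after(f);
    else
        setup_before(f);
    int v = f->f_void;
    free(f);
    return v;
}
```

With perturb 0 the unpatched setup happens to read FALSE, matching the MALLOC_PERTURB_=0 run above; with perturb 1 it reads 0xfe, while the patched setup reads FALSE either way.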
Closed by  Ronald van Haren (pressh)
Wednesday, 29 December 2010, 12:42 GMT
Reason for closing:  Not a bug
Additional comments about closing:  stable version in the repos is not affected as per comments
Comment by Lukas Fleischer (lfleischer) - Wednesday, 29 December 2010, 11:40 GMT
Strange, I can't reproduce that. Did you even test this on Arch?
Comment by Pádraig Brady (pixelbeat) - Wednesday, 29 December 2010, 12:40 GMT
No, I didn't test on Arch, sorry,
and now that I'm looking at the versions,
it seems that Arch is using a 10-year-old bc,
and thus is not affected.

Other distros have moved to 1.06.95 @ ftp://alpha.gnu.org/gnu/bc/
(which is 4 years old itself).

Sorry for the noise.
