Opened 20 months ago
Closed 20 months ago
#18346 closed bug (fixed)
initstate makes out-of-bounds writes
| Reported by: | bhaible | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R1/beta5 |
| Component: | System/POSIX | Version: | R1/beta4 |
| Keywords: | initstate | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description
The initstate function may write into the array passed as argument. POSIX specifies that the third argument is the size of this array: https://pubs.opengroup.org/onlinepubs/9699919799/functions/initstate.html

"The initstate() function allows a state array, pointed to by the state argument, to be initialized for future use. The size argument, which specifies the size in bytes of the state array, shall be used by initstate() to decide what type of random-number generator to use; the larger the state array, the more random the numbers. Values for the amount of state information are 8, 32, 64, 128, and 256 bytes."
In Haiku r1beta4, the initstate function also clobbers local variables in the calling function.
How to reproduce (on x86_64):
```
$ gcc -ggdb -Wall foo.c
$ ./a.out
n_big = 14883589
Abort
```
Attachments (1)
Change History (3)
by , 20 months ago
comment:2 by , 20 months ago
| Milestone: | Unscheduled → R1/beta5 |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Fixed in hrev56906.
test case
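
A canary-based regression check for the behaviour reported in this ticket, given as an added example: it is not the foo.c attachment (which is not reproduced on this page) and not Haiku's own test. The names `initstate_overrun`, `GUARD` and `CANARY` are hypothetical; the sizes are the five values from the POSIX text quoted in the description.

```c
/* Added example: detect initstate() writes outside the caller's state array. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* exposes initstate()/setstate() in <stdlib.h> */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 64            /* guard bytes on each side (arbitrary choice) */
#define CANARY 0xA5         /* fill pattern for the guard bytes */

/* Returns the number of guard bytes modified when initstate() is given a state
 * array of exactly `size` bytes, or -1 if the size is rejected or exceeds 256. */
int initstate_overrun(size_t size)
{
    static long storage[(2 * GUARD + 256) / sizeof(long) + 1]; /* aligned */
    unsigned char *buf = (unsigned char *)storage; /* guard | state | guard */
    char *state = (char *)buf + GUARD;
    char *old;
    int damaged = 0;

    if (size > 256) return -1;
    memset(buf, CANARY, sizeof storage);
    old = initstate(12345u, state, size);
    if (old == NULL)
        return -1;
    for (int i = 0; i < 16; i++)   /* random() also updates the state array */
        (void)random();
    setstate(old);                 /* detach our buffer from the generator */

    for (size_t i = 0; i < GUARD; i++) {
        damaged += buf[i] != CANARY;                /* bytes before the array */
        damaged += buf[GUARD + size + i] != CANARY; /* bytes after the array */
    }
    return damaged;
}

int main(void)
{
    static const size_t sizes[] = { 8, 32, 64, 128, 256 };  /* POSIX values */
    int bad = 0;
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int n = initstate_overrun(sizes[i]);
        printf("size %3zu: %d guard bytes modified\n", sizes[i], n);
        bad |= n != 0;
    }
    return bad;
}
```

A conforming libc reports zero modified guard bytes for every size; a non-zero count means initstate() or random() wrote past the size it was given.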