Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: procmail / Sendmail - five bugs
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 23 Dec 1999 15:35:58 +0100


a) On some glibc 2.0 machines (eg. RedHat), malloc(negative_integer) won't
result in EINVAL, but with valid pointer, for which malloc_usable_size()
returns size of 12 bytes. Heap overflows possible? Hmm, at least SEGVs in
procmail:)

On a pedantic note: it is not possible to call a standard conforming malloc()
with a negative integer; the argument to malloc is unsigned (size_t).
In Solaris, calls to malloc > 2^31-1 can result in memory being returned
of the requested size.  Various older releases of Solaris do have problems
at the 2GB barrier, even thgough > 2GB can be available for malloc.

Casper


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]