The following code no longer works on glibc 2.7, although it worked on glibc 2.6:
#include <stdio.h>
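/*
 * Reproducer for the glibc 2.7 regression: sscanf() with the GNU "%a"
 * (allocate) modifier on an input that contains only whitespace.
 *
 * The "%as" conversion cannot match, so sscanf() performs no assignment
 * and must not touch *str.  On glibc 2.7 the call itself aborts inside
 * _IO_vfscanf -> cfree (see the backtrace in the report); the pointer
 * glibc reports as invalid, 0x00007fffe37dd8c0, lies inside the [stack]
 * mapping of the report's memory map, which suggests the library frees
 * a non-heap address on this failure path.
 *
 * "%as" is kept because it is what the report exercises; POSIX.1-2008
 * spells the same modifier "%m", and in strict ISO C mode "%a" is the
 * hex-float conversion instead.
 *
 * Returns 0 unconditionally; the interesting outcome is whether the
 * sscanf() call returns at all.
 */
int main(void)
{
    char *buf = " ";
    /* Initialized on purpose: when the conversion does not match, sscanf()
     * never writes str, and printing an indeterminate pointer is undefined
     * behavior in the test program itself (the original reproducer did so). */
    char *str = NULL;
    /* sscanf() returns the number of assignments, or EOF on input failure
     * before the first conversion.  Only when it returns 1 does str own a
     * malloc()'d buffer (left unfreed here since the program exits at once). */
    int n = sscanf(buf, "%as", &str);
    if (n == 1) {
        printf("%p\n", (void *)str);
    } else {
        printf("sscanf returned %d, nothing assigned\n", n);
    }
    return 0;
}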
Instead, glibc now reports an invalid pointer:
*** glibc detected *** ./test: munmap_chunk(): invalid pointer: 0x00007fffe37dd8c0 *** ======= Backtrace: ========= /lib/libc.so.6(cfree+0x1b6)[0x2b8ac7560d06] /lib/libc.so.6(_IO_vfscanf+0x239f)[0x2b8ac753e29f] /lib/libc.so.6(vsscanf+0x75)[0x2b8ac754ec85] /lib/libc.so.6(_IO_sscanf+0x88)[0x2b8ac75498b8] ./test[0x4004bf] /lib/libc.so.6(__libc_start_main+0xf4)[0x2b8ac75071c4] ./test[0x400409] ======= Memory map: ======== 00400000-00401000 r-xp 00000000 08:02 2392545 /tmp/test 00600000-00601000 rw-p 00000000 08:02 2392545 /tmp/test 00601000-00622000 rw-p 00601000 00:00 0 [heap] 2b8ac72cb000-2b8ac72e8000 r-xp 00000000 08:02 6669895 /lib/ld-2.7.so 2b8ac72e8000-2b8ac72eb000 rw-p 2b8ac72e8000 00:00 0 2b8ac74e7000-2b8ac74e9000 rw-p 0001c000 08:02 6669895 /lib/ld-2.7.so 2b8ac74e9000-2b8ac763d000 r-xp 00000000 08:02 6669873 /lib/libc-2.7.so 2b8ac763d000-2b8ac783d000 ---p 00154000 08:02 6669873 /lib/libc-2.7.so 2b8ac783d000-2b8ac7840000 r--p 00154000 08:02 6669873 /lib/libc-2.7.so 2b8ac7840000-2b8ac7842000 rw-p 00157000 08:02 6669873 /lib/libc-2.7.so 2b8ac7842000-2b8ac7848000 rw-p 2b8ac7842000 00:00 0 2b8ac7848000-2b8ac7855000 r-xp 00000000 08:02 21217454 /lib/libgcc_s.so.1 2b8ac7855000-2b8ac7a55000 ---p 0000d000 08:02 21217454 /lib/libgcc_s.so.1 2b8ac7a55000-2b8ac7a56000 rw-p 0000d000 08:02 21217454 /lib/libgcc_s.so.1 7fffe37ca000-7fffe37df000 rw-p 7fffe37ca000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vdso]
The following code no longer works on glibc 2.7, although it worked on
glibc 2.6:
#include <stdio.h>
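/*
 * Reproducer for the glibc 2.7 regression: sscanf() with the GNU "%a"
 * (allocate) modifier on an input that contains only whitespace.
 *
 * The "%as" conversion cannot match, so sscanf() performs no assignment
 * and must not touch *str.  On glibc 2.7 the call itself aborts inside
 * _IO_vfscanf -> cfree (see the backtrace in the report); the pointer
 * glibc reports as invalid, 0x00007fffe37dd8c0, lies inside the [stack]
 * mapping of the report's memory map, which suggests the library frees
 * a non-heap address on this failure path.
 *
 * "%as" is kept because it is what the report exercises; POSIX.1-2008
 * spells the same modifier "%m", and in strict ISO C mode "%a" is the
 * hex-float conversion instead.
 *
 * Returns 0 unconditionally; the interesting outcome is whether the
 * sscanf() call returns at all.
 */
int main(void)
{
    char *buf = " ";
    /* Initialized on purpose: when the conversion does not match, sscanf()
     * never writes str, and printing an indeterminate pointer is undefined
     * behavior in the test program itself (the original reproducer did so). */
    char *str = NULL;
    /* sscanf() returns the number of assignments, or EOF on input failure
     * before the first conversion.  Only when it returns 1 does str own a
     * malloc()'d buffer (left unfreed here since the program exits at once). */
    int n = sscanf(buf, "%as", &str);
    if (n == 1) {
        printf("%p\n", (void *)str);
    } else {
        printf("sscanf returned %d, nothing assigned\n", n);
    }
    return 0;
}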
Instead, glibc now reports an invalid pointer:
*** glibc detected *** ./test: munmap_chunk(): invalid pointer: 0x00007fffe37dd8c0 ***
======= Backtrace: =========
/lib/libc.so.6(cfree+0x1b6)[0x2b8ac7560d06]
/lib/libc.so.6(_IO_vfscanf+0x239f)[0x2b8ac753e29f]
/lib/libc.so.6(vsscanf+0x75)[0x2b8ac754ec85]
/lib/libc.so.6(_IO_sscanf+0x88)[0x2b8ac75498b8]
./test[0x4004bf]
/lib/libc.so.6(__libc_start_main+0xf4)[0x2b8ac75071c4]
./test[0x400409]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:02 2392545 /tmp/test
00600000-00601000 rw-p 00000000 08:02 2392545 /tmp/test
00601000-00622000 rw-p 00601000 00:00 0 [heap]
2b8ac72cb000-2b8ac72e8000 r-xp 00000000 08:02 6669895 /lib/ld-2.7.so
2b8ac72e8000-2b8ac72eb000 rw-p 2b8ac72e8000 00:00 0
2b8ac74e7000-2b8ac74e9000 rw-p 0001c000 08:02 6669895 /lib/ld-2.7.so
2b8ac74e9000-2b8ac763d000 r-xp 00000000 08:02 6669873 /lib/libc-2.7.so
2b8ac763d000-2b8ac783d000 ---p 00154000 08:02 6669873 /lib/libc-2.7.so
2b8ac783d000-2b8ac7840000 r--p 00154000 08:02 6669873 /lib/libc-2.7.so
2b8ac7840000-2b8ac7842000 rw-p 00157000 08:02 6669873 /lib/libc-2.7.so
2b8ac7842000-2b8ac7848000 rw-p 2b8ac7842000 00:00 0
2b8ac7848000-2b8ac7855000 r-xp 00000000 08:02 21217454 /lib/libgcc_s.so.1
2b8ac7855000-2b8ac7a55000 ---p 0000d000 08:02 21217454 /lib/libgcc_s.so.1
2b8ac7a55000-2b8ac7a56000 rw-p 0000d000 08:02 21217454 /lib/libgcc_s.so.1
7fffe37ca000-7fffe37df000 rw-p 7fffe37ca000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vdso]