Package: libc6
Version: 2.3.2.ds1-11
Severity: important

The function strtof does not work at all; it always returns garbage. Many programs are silently broken by this bug. This small example will return a random number, without using rand :-)

    #include <stdlib.h>
    #include <stdio.h>
    #include <stddef.h>

    int main (void)
    {
      printf ("%f\n", strtof ("5E+2", NULL));
      return 0;
    }

Actually, the value returned by strtof seems to come from a pointer freely walking through the stack; declaring a new, unused variable sometimes makes it return a different value, like in this case:

    int main (void)
    {
      int a;
      printf ("%f\n", strtof ("5E+2", NULL));
      return 0;
    }

This is not Debian specific. Tested on Red Hat Advanced Server 2.1, Gentoo and Debian Sid (powerpc and x86). Many glibc versions are affected, not only this one.

Probably there are no security implications, but this is still not tested.

It is not something new: http://mail.gnu.org/archive/html/bug-glibc/2002-03/msg00336.html

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.2
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages libc6 depends on:
ii  libdb1-compat  2.1.3-7  The Berkeley database routines [gl

-- no debconf information
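A well-known cause of exactly this symptom is a missing prototype: glibc's <stdlib.h> of that era declared strtof only under __USE_ISOC99, so when the compiler defaults to a pre-C99 dialect the call is implicitly declared as returning int and the caller reads an integer register instead of the float result, which looks like "garbage from the stack". The program below is an added example and not part of the bug report: it requests the C99 declaration explicitly, wraps strtof with endptr and errno checks so bad or out-of-range input is rejected rather than silently misparsed, and includes a self-check on a known value. The names parse_float and strtof_self_test are mine.

```c
#define _ISOC99_SOURCE 1  /* old gcc defaults (gnu89): glibc declares strtof only with C99 features on */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the whole of s as a float into *out.
   Returns 0 on success, -1 if s is empty, has trailing characters,
   or the value does not fit in a float (strtof sets errno to ERANGE). */
int parse_float(const char *s, float *out)
{
    char *end;
    float v;

    if (s == NULL || *s == '\0')
        return -1;

    errno = 0;
    v = strtof(s, &end);
    if (end == s || *end != '\0')   /* nothing converted, or trailing junk */
        return -1;
    if (errno == ERANGE)            /* overflow to HUGE_VALF, or underflow */
        return -1;
    *out = v;
    return 0;
}

/* Self-check on a constant with a known result: with a missing or wrong
   declaration of strtof the value will not be 500.0. Returns 1 if strtof
   behaves as specified, 0 otherwise. */
int strtof_self_test(void)
{
    float v;
    if (parse_float("5E+2", &v) != 0)
        return 0;
    return v == 500.0f;
}

int main(void)
{
    /* constructed sample inputs: valid, trailing junk, empty, out of range */
    const char *samples[] = { "5E+2", "3.14abc", "", "1e99" };
    size_t i;

    printf("strtof self-test: %s\n", strtof_self_test() ? "ok" : "BROKEN");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        float v;
        if (parse_float(samples[i], &v) == 0)
            printf("\"%s\" -> %g\n", samples[i], v);
        else
            printf("\"%s\" -> rejected (errno=%d)\n", samples[i], errno);
    }
    return 0;
}
```

Building the reporter's snippet with -Wall on a compiler of that era reports strtof as implicitly declared, which is the check to look for before blaming the library.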