Submit #84970: GNU C Library (glibc) gmon allocated buffer overflow

Title: GNU C Library (glibc) gmon allocated buffer overflow
Description: The call graph monitor (gmon) has a buffer overflow flaw. Rounding up is missing when calculating the required size of the internal buffer. This results in writing beyond the allocated buffer when an added call-graph arc address is near the end of the monitored address range. The flaw is minor and nonhazardous, since it takes effect only if the call graph monitor is activated, i.e. when local profiling is performed. However, the bug is quite unpleasant for the developer, as it can distort profiling results (run-to-run, with ASLR) and lead to memory corruption. This issue is the cause of many heisenbugs noticed when using gprof (GNU Profiler) and gcov (GNU coverage testing tool).
Source: https://sourceware.org/bugzilla/show_bug.cgi?id=29444
User: erthink (UID 40381)
Submission: 02/06/2023 18:26 (3 years ago)
Moderation: 02/06/2023 19:56 (2 hours later)
Status: Accepted
VulDB entry: 220246 [GNU C Library 2.38 Call Graph Monitor gmon.c __monstartup buffer overflow]
Points: 20
