We encountered an application crash because the memory area returned by calloc() was not filled with zeros.

The same problem was reported in the glibc community:
- Bug 1293976 - CVE-2015-5229 glibc: calloc() returns non-zero'ed memory [rhel-7.3.0]
  https://bugzilla.redhat.com/show_bug.cgi?id=1293976

CVE-2015-5229 was once discussed and concluded as Not Applicable:
- LIN6-10966: Security Advisory - glibc - CVE-2015-5229

However, the problematic code mentioned in Bug 1293976 was introduced after that:
- LIN6-13118: WRlinux6 RCPL33 glibc change introduce null pointer memory access

I think the straightforward way to fix this issue is to backport the following commit:
- Simplify perturb_byte logic.
  https://sourceware.org/git/?p=glibc.git;a=commit;h=e8349efd466cfedc0aa98be61d88ca8795c9e565