glibc 2.2.2 strtok() segfault
From: Andrew Church
Subject: glibc 2.2.2 strtok() segfault
Date: Wed, 21 Feb 2001 17:00:51 JST
There is a bug in strtok() on the i686 platform, and possibly
others, which will cause a segmentation fault under limited conditions.
The following program demonstrates this bug:
---------------------------
#include <string.h>

int main(void) {
    char buf[1] = {0};        /* one-byte buffer holding the empty string */
    char *s1, *s2;
    s1 = strtok(buf, " ");    /* no token in "" -> returns NULL */
    s2 = strtok(NULL, " ");   /* segfault here: continues from a NULL save pointer */
    (void)s1; (void)s2;
    return 0;
}
---------------------------
The bug occurs because strtok()'s internal saved string pointer
(save_ptr in sysdeps/i386/i686/strtok.S) is initialized to NULL at
program start time, and is not updated after the first strtok() call
(which returns NULL), so that the NULL in the second call causes this
pointer to be used and a NULL dereference to occur.
I do realize that calling strtok() with NULL after a NULL result
could be considered improper practice, depending on how strtok() is
defined in the standards (my man page doesn't say anything about the
behavior of strtok() after a NULL result), but this is the first time
I have seen a libc that crashes in such a circumstance, and I think
that at least minimal robustness is appropriate here.
--Andrew Church
address@hidden | New address - please note.
http://achurch.org/ | My e-mail address has changed.
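The failure mode described in the report (a continuation call with NULL after the tokenizer has already returned NULL, or before it was ever primed) is easy to guard against when the save pointer is explicit rather than a hidden global. The following is an added example, not code from the mail or from glibc: a small strtok-style tokenizer (hypothetical names `tok_state`, `safe_strtok`, `count_tokens_overcall`) built on the standard `strspn`/`strcspn`, whose state records whether the input is exhausted so that the "NULL after NULL" call returns NULL instead of dereferencing a NULL pointer. It deliberately over-calls the tokenizer once, the way the report's test program does, on constructed inputs including the report's empty string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tokenizer state (hypothetical): the explicit save pointer plus a flag
 * remembering that the previous call already reported end of input. */
typedef struct {
    char *save;      /* where the next scan resumes; NULL until primed */
    int exhausted;   /* set once a call has returned NULL */
} tok_state;

static void tok_init(tok_state *st)
{
    st->save = NULL;
    st->exhausted = 0;
}

/* Same contract as strtok(): pass the string on the first call and NULL on
 * continuation calls. Unlike the glibc 2.2.2 strtok() in the report, a
 * continuation call on an exhausted or never-primed state returns NULL. */
static char *safe_strtok(tok_state *st, char *str, const char *delim)
{
    char *start, *end;

    if (str != NULL) {
        st->save = str;               /* prime with a fresh input */
        st->exhausted = 0;
    } else if (st->exhausted || st->save == NULL) {
        return NULL;                  /* the guarded case: nothing to resume */
    }

    start = st->save + strspn(st->save, delim);   /* skip leading delimiters */
    if (*start == '\0') {
        st->save = start;             /* keep pointing at a valid "" */
        st->exhausted = 1;
        return NULL;
    }
    end = start + strcspn(start, delim);          /* end of this token */
    if (*end != '\0') {
        *end = '\0';                  /* terminate token in place, as strtok does */
        st->save = end + 1;
    } else {
        st->save = end;
    }
    return start;
}

/* Tokenize a private copy of `input`, then make one extra continuation call
 * after the first NULL. Returns the token count, or -1 if the extra call
 * unexpectedly produced a token. */
static int count_tokens_overcall(const char *input, const char *delim)
{
    char buf[64];
    tok_state st;
    char *t;
    int n = 0;

    strncpy(buf, input, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    tok_init(&st);
    for (t = safe_strtok(&st, buf, delim); t != NULL; t = safe_strtok(&st, NULL, delim))
        n++;
    /* The call that crashes in the report; here it must just return NULL. */
    if (safe_strtok(&st, NULL, delim) != NULL)
        return -1;
    return n;
}

/* A continuation call on a state that was never primed must also be NULL. */
static int unprimed_call_is_null(void)
{
    tok_state st;
    tok_init(&st);
    return safe_strtok(&st, NULL, " ") == NULL;
}

int main(void)
{
    /* Constructed inputs; "" is the buffer from the bug report. */
    printf("\"\"          -> %d tokens\n", count_tokens_overcall("", " "));
    printf("\"a bb  ccc\" -> %d tokens\n", count_tokens_overcall("a bb  ccc", " "));
    printf("unprimed NULL call safe: %d\n", unprimed_call_is_null());
    return 0;
}
```

The point of the `exhausted` flag and the `save == NULL` check is that every code path that returns NULL leaves the state in a condition where the next continuation call is still well-defined, which is exactly the invariant the report says the i686 assembly version failed to maintain.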