[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
address@hidden: [Bug 189545] New: legal argp() arg_option keys (ints) ca
From: |
Paul Knowles |
Subject: |
address@hidden: [Bug 189545] New: legal argp() arg_option keys (ints) can cause segfaults] |
Date: |
Fri, 21 Apr 2006 08:13:05 +0200 |
Hello,
I forward this by hand since the bugzilla forwarding seems
not to recognize the address@hidden email address.
cheers,
Paul Knowles.
email: Paul (dot) Knowles QWERTY-SHIFT-2 unifr (dot) ch
------- Start of forwarded message -------
Date: Thu, 20 Apr 2006 17:39:24 -0400
From: address@hidden
To: address@hidden
Subject: [Bug 189545] New: legal argp() arg_option keys (ints) can cause
segfaults
Content-type: text/plain; charset=utf-8
X-Loop: address@hidden
X-Bugzilla-Product: Fedora Core
X-Bugzilla-Version: fc5
X-Bugzilla-Component: glibc
X-Bugzilla-Comment: Public
X-Bugzilla-Reason: Reporter
X-Bugzilla-Changed-Fields: New
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189545
Summary: legal argp() arg_option keys (ints) can cause segfaults
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: glibc
AssignedTo: address@hidden
ReportedBy: address@hidden
QAContact: address@hidden
Description of problem: argp() relies on broken library functions
to test the integer argp_option.key parameter. If that int falls
outside of the testable parameters of isprint(), the program will
segfault.
Version-Release number of selected component (if applicable):
Fedora core 4 and 5
How reproducible: every time
Steps to Reproduce:
1. compile a program using argp() argument parsing,
use as keys valid ints which the isprint() function cannot digest.
Actual results: seg fault on startup.
Expected results: correct running program
Additional info:
See FC5 bug 189525 for a discussion of how the badly defined
C99 spec lets isprint(int) legally segfault for valid ints
that fall outside of the range representable via unsigned char.
Unfortunately, the argp_option structure contains:
`int key'
The integer key provided by the current option to the option
parser. If KEY has a value that is a printable ASCII
character (i.e., `isascii (KEY)' is true), it _also_
specifies a short option `-CHAR', where CHAR is the ASCII
character with the code KEY.
The value of key is tested by isprint(), not isascii(). Legal values
of the key can thus cause the program to segfault.
Either the documentation for argp needs to be updated, or the argp()
parsing function should check the key before passing it to isprint().
As per the spec: `` int isalnum(int c); ... The c argument is an int,
the value of which the application shall ensure is representable as
an unsigned char or equal to the value of the macro EOF. If the argument
has any other value, the behavior is undefined.''
The argp() function does not ensure the representability of its key as an
`unsigned char or ... EOF' before calling isprint(). The documentation
does not demand that the argp() caller perform that check. This is a bug.
- --
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
- ------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
------- End of forwarded message -------
- address@hidden: [Bug 189545] New: legal argp() arg_option keys (ints) can cause segfaults],
Paul Knowles <=