bug-gnulib

address@hidden: [Bug 189545] New: legal argp() arg_option keys (ints) ca


From: Paul Knowles
Subject: address@hidden: [Bug 189545] New: legal argp() arg_option keys (ints) can cause segfaults]
Date: Fri, 21 Apr 2006 08:13:05 +0200

Hello, 
 I forward this by hand since the bugzilla forwarding seems
not to recognize the address@hidden email address.
cheers,

Paul Knowles.  
email: Paul (dot) Knowles QWERTY-SHIFT-2 unifr (dot) ch

------- Start of forwarded message -------
Date: Thu, 20 Apr 2006 17:39:24 -0400
From: address@hidden
To: address@hidden
Subject: [Bug 189545] New: legal argp() arg_option keys (ints) can cause 
segfaults
Content-type: text/plain; charset=utf-8
X-Loop: address@hidden
X-Bugzilla-Product: Fedora Core
X-Bugzilla-Version: fc5
X-Bugzilla-Component: glibc
X-Bugzilla-Comment: Public
X-Bugzilla-Reason: Reporter
X-Bugzilla-Changed-Fields: New

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189545

           Summary: legal argp() arg_option keys (ints) can cause segfaults
           Product: Fedora Core
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: glibc
        AssignedTo: address@hidden
        ReportedBy: address@hidden
         QAContact: address@hidden


Description of problem: argp() relies on broken library functions
 to test the integer argp_option.key parameter.  If that int falls
 outside of the testable parameters of isprint(), the program will
 segfault.

Version-Release number of selected component (if applicable):
Fedora core 4 and 5

How reproducible:  every time

Steps to Reproduce:
1. compile a program using argp() argument parsing,
  use as keys valid ints which the isprint() function cannot digest.
  
Actual results: seg fault on startup.
Expected results: correct running program

Additional info:

See FC5 bug 189525 for a discussion of how the badly defined 
C99 spec lets isprint(int) legally segfault for valid ints 
that fall outside of the range representable via unsigned char.

Unfortunately, the argp_option structure contains:
`int key'
          The integer key provided by the current option to the option
          parser.  If KEY has a value that is a printable ASCII
          character (i.e., `isascii (KEY)' is true), it _also_
          specifies a short option `-CHAR', where CHAR is the ASCII
          character with the code KEY.
The value of key is tested by isprint(), not isascii().  Legal values 
of the key can thus cause the program to segfault.  

Either the documentation for argp needs to be updated, or the argp() 
parsing  function should check the key before passing it to isprint().
As per the spec: `` int isalnum(int c); ... The c argument is an int, 
the value of which the application shall ensure is representable as 
an unsigned char or equal to the value of the macro EOF. If the argument
has any other value, the behavior is undefined.''  

The argp() function does not ensure the representability of its key as an
`unsigned char or ... EOF' before calling isprint().  The documentation 
does not demand that the argp() caller perform that check.  This is a bug.

- -- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
- ------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
------- End of forwarded message -------
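
The range check the report asks for, sketched as an added example (not part of the forwarded message and not glibc or gnulib code). `struct opt`, the function names and the sample table are hypothetical and constructed for illustration; the table is ended by a NULL name as a simplification.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for the two argp_option fields used here:
   a NULL name ends the table (simplification); key may be any int. */
struct opt { const char *name; int key; };

/* Range-check first, so isprint() only ever sees 1..UCHAR_MAX and the
   undefined-behaviour case quoted from the spec cannot be reached. */
static int key_is_short(int key)
{
    return key > 0 && key <= UCHAR_MAX && isprint(key);
}

/* Copy the short-option characters of tab into out (NUL-terminated).
   Returns the number of characters, or -1 if out is too small. */
static int collect_short_keys(const struct opt *tab, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return -1;
    for (; tab->name != NULL; tab++) {
        if (!key_is_short(tab->key))
            continue;               /* long-only option, no -CHAR form */
        if (n + 1 >= outsz)
            return -1;
        out[n++] = (char)tab->key;
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample table mixing character keys with large, negative
   and non-printable int keys. */
static const struct opt sample[] = {
    {"verbose", 'v'}, {"dump-config", 0x100}, {"legacy", -2},
    {"huge", INT_MAX}, {"output", 'o'}, {"bell", '\a'}, {NULL, 0}
};

static const char *sample_short_keys(void)
{
    static char buf[16];
    return collect_short_keys(sample, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void)
{
    printf("short keys: %s\n", sample_short_keys());
    return 0;
}
```

Keys such as 0x100, -2 and INT_MAX are skipped by the range test without ever reaching `isprint()`, so they remain usable as long-only option keys.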



