[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] progname: don't segfault when argv is NULL
From: |
Bruno Haible |
Subject: |
Re: [PATCH] progname: don't segfault when argv is NULL |
Date: |
Sun, 6 Dec 2009 23:20:12 +0100 |
User-agent: |
KMail/1.9.9 |
Hi Jim,
> >> I suggest you declare those functions with the "nonnull" attribute.
>
> I was referring to the functions in progname.h:
>
> set_program_name
> set_program_name_and_installdir
The __nonnull__ attribute on these functions would help preventing or detecting
the bug, because these functions are always called with argument argv[0],
not with a literal NULL.
> > =========================== proposed linux-kernel report
> > =======================
> ...
> perhaps incomplete, since you can make the same argument about the "envp"
> pointer.
How so? When the caller passes a NULL envp argument - which POSIX does not
allow - the kernel provides an empty environment array instead. The callee
never sees a NULL 'environ'.
POSIX refers to argv[0], but not to envp[0].
It also contains language that explicitly says the callee is not guaranteed to
be
invoked with a POSIX compliant 'environ':
"The new process might be invoked in a non-conforming environment if the
envp array does not contain implementation-defined variables required
by the implementation to provide a conforming environment. See the
_CS_V7_ENV entry in <unistd.h> and confstr() for details."
> I do realize
> that this "fail early" aspect can be seen as a feature to help
> detect and hence diagnose/repair the underlying cause in the parent.
Absolutely.
Also, dumping core is the only way for the user to tell which program was
invoked in this irregular way.
> Will you put this in gnulib?
> Do you mean "the exec*ve* system call" or perhaps "an exec system call"?
Yes, "an exec system call" is better than "the exec system call". Thanks.
Committed.
Bruno
2009-12-06 Bruno Haible <address@hidden>
* lib/progname.c: Include stdio.h, stdlib.h.
(set_program_name): Reject a NULL argument.
*** lib/progname.c.orig 2009-12-06 23:19:17.000000000 +0100
--- lib/progname.c 2009-12-06 23:19:07.000000000 +0100
***************
*** 23,28 ****
--- 23,30 ----
#include "progname.h"
#include <errno.h> /* get program_invocation_name declaration */
+ #include <stdio.h>
+ #include <stdlib.h>
#include <string.h>
***************
*** 44,49 ****
--- 46,61 ----
const char *slash;
const char *base;
+ /* Sanity check. POSIX requires the invoking process to pass a non-NULL
+ argv[0]. */
+ if (argv0 == NULL)
+ {
+ /* It's a bug in the invoking program. Help diagnosing it. */
+ fputs ("A NULL argv[0] was passed through an exec system call.\n",
+ stderr);
+ abort ();
+ }
+
slash = strrchr (argv0, '/');
base = (slash != NULL ? slash + 1 : argv0);
if (base - argv0 >= 7 && strncmp (base - 7, "/.libs/", 7) == 0)
- Re: [PATCH] progname: don't segfault when argv is NULL, (continued)
- Re: [PATCH] progname: don't segfault when argv is NULL, Eric Blake, 2009/12/04
- Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/05
- Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/06
- __nonnull__ declarations, Bruno Haible, 2009/12/06
- Re: __nonnull__ declarations, Jim Meyering, 2009/12/07
- Re: __nonnull__ declarations, Bruno Haible, 2009/12/10
- Re: [PATCH] progname: don't segfault when argv is NULL,
Bruno Haible <=
- Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/09
- Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/09
- Re: [PATCH] progname: don't segfault when argv is NULL, Bruno Haible, 2009/12/09
- Re: [PATCH] progname: don't segfault when argv is NULL, Jim Meyering, 2009/12/09