[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] Potential bug report
|
From: |
Eric Blake |
|
Subject: |
Re: [Bug-tar] Potential bug report |
|
Date: |
Mon, 02 Apr 2012 07:10:01 -0600 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 |
On 04/01/2012 12:10 AM, Xu Zhongxing wrote:
> I scanned tar 1.26 with my static analysis tool, and found 2 potential bugs.
> It is described in attached files. Could anyone take a look at them? Thank
> you.
>
I didn't look at the first report; although it may be real. Since your
first report deals with getopt.c, which is shared code from gnulib, it
may be worth reporting this upstream to gnulib and/or glibc (since tar
uses gnulib's implementation, but gnulib borrows getopt from glibc). A
quick glance at the second report says your tool is over-sensitive:
> <event>
> <type>Trigger</type>
> <location>
> <file>argp-help.c</file>
> <line>464</line>
> </location>
> <description>The size passed to malloc() or realloc() is not greater than
> 0.</description>
> <expr>malloc(sizeof(struct hol_entry) * hol->num_entries)</expr>
> </event>
We guarantee (via gnulib) that malloc(0) as used in tar will always
return a non-NULL pointer (except on ENOMEM error). We see no reason to
change tar to guarantee a non-zero size request.
--
Eric Blake address@hidden +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature