[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
undefined behavior in hol_append()
From: |
Matthew Wala |
Subject: |
undefined behavior in hol_append() |
Date: |
Mon, 28 Nov 2011 14:52:53 -0600 |
Hello:
The function hol_append() in lib/argp-parse.c exhibits undefined behavior.
Specifically, the expression in line 894:
e->short_options += (short_options - hol->short_options);
subtracts two pointers that do not point to the same memory object.
Something like:
e->short_options = short_options + (e->short_options - hol->short_options);
does the intended operation with legal pointer arithmetic.
I found this issue with the help of SAFECode (http://safecode.cs.illinois.edu/).
Matt
- undefined behavior in hol_append(),
Matthew Wala <=