Hello,

I forward this by hand since the bugzilla forwarding seems not to recognize the [email protected] email address.

cheers,
Paul Knowles.  email: Paul (dot) Knowles QWERTY-SHIFT-2 unifr (dot) ch

------- Start of forwarded message -------
Date: Thu, 20 Apr 2006 17:39:24 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Bug 189545] New: legal argp() arg_option keys (ints) can cause segfaults
Content-type: text/plain; charset=utf-8
X-Loop: [EMAIL PROTECTED]
X-Bugzilla-Product: Fedora Core
X-Bugzilla-Version: fc5
X-Bugzilla-Component: glibc
X-Bugzilla-Comment: Public
X-Bugzilla-Reason: Reporter
X-Bugzilla-Changed-Fields: New

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189545

           Summary: legal argp() arg_option keys (ints) can cause segfaults
           Product: Fedora Core
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: glibc
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
         QAContact: [EMAIL PROTECTED]

Description of problem:

argp() relies on broken library functions to test the integer argp_option.key parameter. If that int falls outside of the testable parameters of isprint(), the program will segfault.

Version-Release number of selected component (if applicable):

Fedora core 4 and 5

How reproducible:

every time

Steps to Reproduce:

1. compile a program using argp() argument parsing, use as keys valid ints which the isprint() function cannot digest.

Actual results:

seg fault on startup.

Expected results:

correct running program

Additional info:

See FC5 bug 189525 for a discussion of how the badly defined C99 spec lets isprint(int) legally segfault for valid ints that fall outside of the range representable via unsigned char.

Unfortunately, the argp_option structure contains:

    `int key'
        The integer key provided by the current option to the option
        parser. If KEY has a value that is a printable ASCII character
        (i.e., `isascii (KEY)' is true), it _also_ specifies a short
        option `-CHAR', where CHAR is the ASCII character with the code
        KEY.

The value of key is tested by isprint(), not isascii().

Legal values of the key can thus cause the program to segfault. Either the documentation for argp needs to be updated, or the argp() parsing function should check the key before passing it to isprint().

As per the spec:

    `` int isalnum(int c);
    ...
    The c argument is an int, the value of which the application shall
    ensure is representable as an unsigned char or equal to the value of
    the macro EOF. If the argument has any other value, the behavior is
    undefined.''

The argp() function does not ensure the representability of its key as an `unsigned char or ... EOF' before calling isprint(). The documentation does not demand that the argp() caller perform that check.

This is a bug.

- --
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
- ------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

------- End of forwarded message -------
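
The check the report asks for, sketched as an added example that is not part of the original message and is not glibc's code: the key is range-tested before it reaches isprint(), so out-of-range ints are treated as long-only options. The struct opt_entry type, the function names and the sample table are hypothetical stand-ins constructed for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the `int key` member of struct argp_option;
   the real structure is not used, so this builds without argp.h. */
struct opt_entry {
    const char *name;
    int key;
};

/* Return 1 only when key names a short option.  The range test runs first,
   so isprint() never sees a value it is not defined for. */
static int key_is_short_option(int key)
{
    if (key <= 0 || key > UCHAR_MAX)
        return 0;
    return isprint(key) != 0;
}

/* Count the entries that would get a `-CHAR` short form. */
static size_t count_short_options(const struct opt_entry *opts, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (size_t)key_is_short_option(opts[i].key);
    return count;
}

/* Constructed sample table: two short options and four long-only keys. */
static const struct opt_entry sample_opts[] = {
    { "verbose", 'v' },
    { "output",  'o' },
    { "dry-run", 0x100 },       /* above UCHAR_MAX */
    { "seed",    -2 },          /* negative, not EOF */
    { "trace",   INT_MAX },
    { "bell",    '\a' },        /* in range but not printable */
};

int main(void)
{
    size_t n = sizeof sample_opts / sizeof sample_opts[0];
    for (size_t i = 0; i < n; i++)
        printf("%-8s key=%d short=%d\n", sample_opts[i].name,
               sample_opts[i].key, key_is_short_option(sample_opts[i].key));
    printf("short options: %zu\n", count_short_options(sample_opts, n));
    return 0;
}
```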
