Hi Bruno, Ok to apply the patch below? Without it, anyone can make nearly any coreutils program segfault with this simple recipe:
    printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \
      '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat

While that usage of execve is in violation of POSIX, nothing prevents a set_program_name caller from calling the function with a NULL argument. Hence, we should handle it.

As for why I chose to use an empty string, ... That will make it obvious that something is going wrong, and cannot be confused with a legitimate program name.

For reference, perl uses the empty string, too:

    $ printf 'print ":$ARGV[0]:\n"' |./a.out /usr/bin/perl
    ::

From 761448cef4c36ec0551eeaa39fb65a87c0ba39ae Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyer...@redhat.com> Date: Fri, 4 Dec 2009 14:28:25 +0100 Subject: [PATCH] progname: don't segfault when argv is NULL * lib/progname.c (set_program_name): Don't let an abusive or erroneous caller induce a NULL dereference. Handle a NULL argument. --- ChangeLog | 6 ++++++ lib/progname.c | 3 +++ 2 files changed, 9 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index da260c1..30353ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2009-12-04 Jim Meyering <meyer...@redhat.com> + + progname: don't segfault when argv is NULL + * lib/progname.c (set_program_name): Don't let an abusive or + erroneous caller induce a NULL dereference. Handle a NULL argument. + 2009-12-03 Paolo Bonzini <bonz...@gnu.org> exclude: Fix header file problems. diff --git a/lib/progname.c b/lib/progname.c index bfa374a..d847d1e 100644 --- a/lib/progname.c +++ b/lib/progname.c @@ -42,6 +42,9 @@ set_program_name (const char *argv0) const char *slash; const char *base; + if (argv0 == NULL) + argv0 = ""; + slash = strrchr (argv0, '/'); base = (slash != NULL ? slash + 1 : argv0); if (base - argv0 >= 7 && strncmp (base - 7, "/.libs/", 7) == 0) -- 1.6.6.rc1.280.ge45b
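Review bot: the lib/progname.c hunk substitutes "" for a NULL argv0 without any comment, so a later reader of set_program_name sees an unexplained guard; the reasoning (a caller may execve with a NULL argv, leaving argc == 0 and argv[0] == NULL, and "" is chosen because it is visibly wrong and cannot be mistaken for a real program name) lives only in the cover mail and the ChangeLog entry. Suggest a one-line comment above `if (argv0 == NULL)` saying why NULL can arrive and why "" is the fallback, and a matching sentence in the declaration's comment (progname.h) stating that a NULL argument is accepted, so neither callers nor future maintainers treat the check as dead code.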
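As an added illustration (not Jim's code and not gnulib's lib/progname.c), the stand-alone C below re-creates the base-name computation that the patched hunk guards, handles a NULL argv0 the same way the patch does, and adds a main that performs the argc == 0 check a program can make on its own side rather than relying on every library it calls. The function names program_base_name and argv_is_empty and the sample paths are constructed for this note.

```c
#include <stdio.h>
#include <string.h>

/* Stand-alone illustration, not gnulib's set_program_name: compute the
   base name of ARGV0 the way the patched function does.  A NULL ARGV0,
   which a process receives when it was started by an execve with a NULL
   argv (argc == 0, so argv[0] is already the terminating NULL), is
   mapped to "" instead of being passed to strrchr.  A libtool wrapper
   path such as "src/.libs/lt-foo" yields "foo". */
const char *
program_base_name (const char *argv0)
{
  const char *slash;
  const char *base;

  if (argv0 == NULL)
    argv0 = "";   /* same fallback as the patch: obviously wrong, never a real name */

  slash = strrchr (argv0, '/');
  base = (slash != NULL ? slash + 1 : argv0);

  /* Fold away libtool's "/.libs/" directory and its "lt-" wrapper prefix,
     mirroring the check visible in the hunk.  The length test comes first
     so that base - 7 never points before the start of the string. */
  if (base - argv0 >= 7 && strncmp (base - 7, "/.libs/", 7) == 0
      && strncmp (base, "lt-", 3) == 0)
    base += 3;

  return base;
}

/* Nonzero when ARGC/ARGV look like the result of an execve with a NULL
   argv.  Checking this in main itself means the program does not depend
   on every library it calls being as careful as set_program_name. */
int
argv_is_empty (int argc, char **argv)
{
  return argc == 0 || argv == NULL || argv[0] == NULL;
}

int
main (int argc, char **argv)
{
  const char *argv0 = argv_is_empty (argc, argv) ? NULL : argv[0];

  /* Started normally this prints the invoking name; started with an
     empty argv it prints an empty name instead of crashing. */
  printf ("program name: \"%s\"\n", program_base_name (argv0));
  return 0;
}
```

Run normally, the binary prints its own base name; run through the execve recipe from the mail, argc is 0 and argv0 becomes NULL, which program_base_name turns into the empty string rather than a NULL dereference.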