public inbox for glibc-bugs@sourceware.org
* [Bug libc/323] New: missing NULL pointer check in s(n)printf
@ 2004-08-13 12:07 g dot tenchio at telco-tech dot de
  2004-08-13 12:14 ` [Bug libc/323] " jakub at redhat dot com
  0 siblings, 1 reply; 2+ messages in thread
From: g dot tenchio at telco-tech dot de @ 2004-08-13 12:07 UTC (permalink / raw)
  To: glibc-bugs

Try the following:

#include <stdio.h>

int main(void) {
  /* NULL destination buffer: this call is the reported crash */
  sprintf((char *)0, "Goodbye\n");
}

Result: core dump
Expected: nothing

Simply a missing NULL pointer check?

Fedora Core II
glibc-2.3.3-27

-- 
           Summary: missing NULL pointer check in s(n)printf
           Product: glibc
           Version: 2.3.3
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: g dot tenchio at telco-tech dot de
                CC: glibc-bugs at sources dot redhat dot com
  GCC host triplet: i686-redhat-linux


http://sources.redhat.com/bugzilla/show_bug.cgi?id=323

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.



* [Bug libc/323] missing NULL pointer check in s(n)printf
  2004-08-13 12:07 [Bug libc/323] New: missing NULL pointer check in s(n)printf g dot tenchio at telco-tech dot de
@ 2004-08-13 12:14 ` jakub at redhat dot com
  0 siblings, 0 replies; 2+ messages in thread
From: jakub at redhat dot com @ 2004-08-13 12:14 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From jakub at redhat dot com  2004-08-13 12:14 -------
No, it is not necessary.  ISO C99 says the first argument of sprintf is an array,
not just any pointer.  NULL pointer is not a valid array, so this is undefined
behaviour.  So segfaulting is completely valid behaviour for this.
If you call strlen (NULL), it will segfault the same.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sources.redhat.com/bugzilla/show_bug.cgi?id=323

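
Added example (not part of the thread and not glibc code): since the resolution leaves destination validation to the caller, this sketch shows one way to do that check in a wrapper around vsnprintf. The names checked_format and fmt_status are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum fmt_status { FMT_OK = 0, FMT_BAD_ARG = -1, FMT_TRUNCATED = -2, FMT_ERROR = -3 };

/* checked_format (hypothetical helper): caller-side validation that the
 * library is not required to perform. On FMT_OK or FMT_TRUNCATED, *needed
 * (if non-NULL) receives the full output length, excluding the NUL. */
static enum fmt_status checked_format(char *dst, size_t cap, size_t *needed,
                                      const char *fmt, ...)
{
    va_list ap;
    int n;

    if (needed != NULL)
        *needed = 0;
    /* C99 allows a null destination for snprintf only when the size is
     * zero (the "measure only" call); any other NULL is rejected here. */
    if (fmt == NULL || (dst == NULL && cap != 0))
        return FMT_BAD_ARG;

    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);

    if (n < 0)
        return FMT_ERROR;          /* output or encoding error */
    if (needed != NULL)
        *needed = (size_t)n;
    if ((size_t)n >= cap)
        return FMT_TRUNCATED;      /* also returned by the measure-only call */
    return FMT_OK;
}

int main(void)
{
    char buf[16];
    size_t need;
    enum fmt_status st;

    /* The call from the report, routed through the check: rejected, no crash. */
    st = checked_format(NULL, sizeof buf, &need, "Goodbye\n");
    printf("NULL destination: status %d\n", (int)st);
    st = checked_format(buf, sizeof buf, &need, "Goodbye\n");
    printf("valid destination: status %d, %zu bytes\n", (int)st, need);
    return 0;
}
```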
