public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/1967] New: no parameter check in aio_return() in rt/aio_return.c
@ 2005-12-02 8:38 heiko dot nardmann at secunet dot com
2005-12-02 8:40 ` [Bug libc/1967] " heiko dot nardmann at secunet dot com
2005-12-02 8:46 ` jakub at redhat dot com
0 siblings, 2 replies; 3+ messages in thread
From: heiko dot nardmann at secunet dot com @ 2005-12-02 8:38 UTC (permalink / raw)
To: glibc-bugs
In function aio_return() in rt/aio_return.c the parameter aiocbp is not checked
against NULL before dereferencing:
ssize_t
aio_return (aiocbp)
struct aiocb *aiocbp;
{
return aiocbp->__return_value;
}
--
Summary: no parameter check in aio_return() in rt/aio_return.c
Product: glibc
Version: 2.3.5
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: heiko dot nardmann at secunet dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=1967
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/1967] no parameter check in aio_return() in rt/aio_return.c
2005-12-02 8:38 [Bug libc/1967] New: no parameter check in aio_return() in rt/aio_return.c heiko dot nardmann at secunet dot com
@ 2005-12-02 8:40 ` heiko dot nardmann at secunet dot com
2005-12-02 8:46 ` jakub at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: heiko dot nardmann at secunet dot com @ 2005-12-02 8:40 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From heiko dot nardmann at secunet dot com 2005-12-02 08:40 -------
The same for aio_error() in rt/aio_error.c:
int
aio_error (aiocbp)
const struct aiocb *aiocbp;
{
return aiocbp->__error_code;
}
--
http://sourceware.org/bugzilla/show_bug.cgi?id=1967
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/1967] no parameter check in aio_return() in rt/aio_return.c
2005-12-02 8:38 [Bug libc/1967] New: no parameter check in aio_return() in rt/aio_return.c heiko dot nardmann at secunet dot com
2005-12-02 8:40 ` [Bug libc/1967] " heiko dot nardmann at secunet dot com
@ 2005-12-02 8:46 ` jakub at redhat dot com
1 sibling, 0 replies; 3+ messages in thread
From: jakub at redhat dot com @ 2005-12-02 8:46 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jakub at redhat dot com 2005-12-02 08:46 -------
Please stop with this. There are hundreds of such functions in glibc,
and bad arguments are intentionally not checked in them, among other for
performance reasons.
http://www.opengroup.org/onlinepubs/009695399/functions/aio_return.html
doesn't allow the aiocbp argument to be NULL, it must be a reference to
a valid aiocb structure which NULL is not.
From
http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_03.html#tag_02_03
you can see that it is allowed to return -1 and EFAULT in errno in that case,
but it is not guaranteed.
Furthermore, even if you add a check for NULL, aio_return ((struct aiocb *)28);
would still crash and there is really no difference between NULL and (struct
aiocb *)28 as far as this function is concerned. Both are invalid arguments,
triggering undefined behaviour.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
http://sourceware.org/bugzilla/show_bug.cgi?id=1967
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-12-02 8:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-12-02 8:38 [Bug libc/1967] New: no parameter check in aio_return() in rt/aio_return.c heiko dot nardmann at secunet dot com
2005-12-02 8:40 ` [Bug libc/1967] " heiko dot nardmann at secunet dot com
2005-12-02 8:46 ` jakub at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).