[Bug libc/12767] New: SEGV in error_at_line(3)

[Bug libc/12767] New: SEGV in error_at_line(3)

[yselkowitz at cygwin dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12767

           Summary: SEGV in error_at_line(3)
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: yselkowitz@cygwin.com


Created attachment 5726
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5726
sample code

Description of problem:
If error_one_per_line is set to a non-zero value, and error_at_line(3) is
called consecutively with the same lineno, once with a NULL filename and the
other non-NULL (in either order), the program SEGVs.  GDB shows the function
uses strcmp(3) without checking for NULL inputs.


Version-Release number of selected component (if applicable):
Fedora 14: glibc-2.13-1.i686


How reproducible:
Always.


Steps to Reproduce:
1. gcc -Wall error-segv.c && ./a.out


Actual results:
./a.out: error_at_line with NULL filename: No such file or directory
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
39    L(oop):    movb    (%ecx), %al
(gdb) bt
#0  __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
#1  0x0070eea6 in __error_at_line (status=0, errnum=2, 
    file_name=0x80485b9 "error-segv.c", line_number=10, message=0x8048594 "%s")
    at error.c:275
#2  0x080484bf in error_at_line () at /usr/include/bits/error.h:72
#3  main () at error-segv.c:10


Expected results:
Since NULL != __FILE__, the error_one_per_line clause should not be triggered,
and output should be generated.


Additional info:
Neither http://www.gnu.org/s/libc/manual/html_node/Error-Messages.html nor
http://www.kernel.org/doc/man-pages/online/pages/man3/error.3.html give any
indication that filename cannot be NULL; my tests show that without setting
error_one_per_line, or even set with two consecutive NULL filenames, it works
fine.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12767] SEGV in error_at_line(3)

[yselkowitz at cygwin dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12767

Cygwin/X maintainer <yselkowitz at cygwin dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #1 from Cygwin/X maintainer <yselkowitz at cygwin dot com> 2011-05-16 03:30:14 UTC ---
Sorry, it seems I entered the bug twice by accident.

*** This bug has been marked as a duplicate of bug 12766 ***

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12767] SEGV in error_at_line(3)

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=12767

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.