From: "yselkowitz at cygwin dot com"
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/12767] New: SEGV in error_at_line(3)
Date: Mon, 16 May 2011 01:49:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=12767

           Summary: SEGV in error_at_line(3)
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: yselkowitz@cygwin.com

Created attachment 5726
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5726
sample code

Description of problem:
If error_one_per_line is set to a non-zero value, and error_at_line(3) is
called consecutively with the same lineno, once with a NULL filename and the
other non-NULL (in either order), the program SEGVs. GDB shows the function
uses strcmp(3) without checking for NULL inputs.

Version-Release number of selected component (if applicable):
Fedora 14: glibc-2.13-1.i686

How reproducible:
Always.

Steps to Reproduce:
1. gcc -Wall error-segv.c && ./a.out

Actual results:
./a.out: error_at_line with NULL filename: No such file or directory
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
__strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
39 L(oop): movb (%ecx), %al
(gdb) bt
#0 __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
#1 0x0070eea6 in __error_at_line (status=0, errnum=2, file_name=0x80485b9 "error-segv.c", line_number=10, message=0x8048594 "%s") at error.c:275
#2 0x080484bf in error_at_line () at /usr/include/bits/error.h:72
#3 main () at error-segv.c:10

Expected results:
Since NULL != __FILE__, the error_one_per_line clause should not be triggered,
and output should be generated.

Additional info:
Neither http://www.gnu.org/s/libc/manual/html_node/Error-Messages.html nor
http://www.kernel.org/doc/man-pages/online/pages/man3/error.3.html gives any
indication that filename cannot be NULL; my tests show that without setting
error_one_per_line, or even set with two consecutive NULL filenames, it works
fine.
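
The NULL-safe comparison that the report's expected results imply, as an added example that is not part of the original report and is not glibc's error.c. The names `struct last_loc`, `same_file`, `should_suppress` and `replay_report_sequence` are hypothetical, and the call sequence is constructed from the report's description.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a one-message-per-line filter; not glibc's error.c. */
struct last_loc {
    const char *file;  /* previous file name, may be NULL; caller keeps it alive */
    unsigned int line; /* previous line number */
    int valid;         /* 0 until a first message has been recorded */
};

/* NULL-safe equality: two NULLs match, NULL never matches a real name. */
static int same_file(const char *a, const char *b)
{
    if (a == b)
        return 1;
    if (a == NULL || b == NULL)
        return 0;          /* never hand NULL to strcmp */
    return strcmp(a, b) == 0;
}

/* Returns 1 to suppress a repeat of the previous location, else records
   the new location and returns 0 (the message should be printed). */
static int should_suppress(struct last_loc *last, const char *file,
                           unsigned int line)
{
    if (last->valid && last->line == line && same_file(last->file, file))
        return 1;
    last->file = file;
    last->line = line;
    last->valid = 1;
    return 0;
}

/* Constructed replay: same line, NULL name, real name, then a true repeat. */
static int replay_report_sequence(void)
{
    struct last_loc last = { NULL, 0, 0 };
    int printed = 0;
    printed += !should_suppress(&last, NULL, 10);
    printed += !should_suppress(&last, "error-segv.c", 10);
    printed += !should_suppress(&last, "error-segv.c", 10);
    return printed;        /* number of messages that would be printed */
}

int main(void)
{
    printf("messages printed: %d\n", replay_report_sequence());
}
```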