public inbox for glibc-bugs@sourceware.org
* [Bug libc/18099] New: a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
From: konstantin.s.serebryany at gmail dot com @ 2015-03-09 21:08 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18099

            Bug ID: 18099
           Summary: a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: konstantin.s.serebryany at gmail dot com
                CC: drepper.fsp at gmail dot com

#include <wordexp.h>
int main() {
  wordexp_t w;
  wordexp("*??\\\\/::${#r-}", &w, 0);
}

gcc we12.c && ./a.out
a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
Aborted (core dumped)

2.19 and fresh trunk are affected.
Same fuzzer, see https://sourceware.org/glibc/wiki/FuzzingLibc

-- 
You are receiving this mail because:
You are on the CC list for the bug.

* [Bug libc/18099] a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
From: fweimer at redhat dot com @ 2015-03-19 15:08 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18099

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security+

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Reachable even with WRDE_NOCMD, so this is a security issue in builds with
asserts enabled (which we support).

* [Bug libc/18099] a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
From: neleai at seznam dot cz @ 2015-07-12 8:08 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18099

Ondrej Bilka <neleai at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |neleai at seznam dot cz

--- Comment #2 from Ondrej Bilka <neleai at seznam dot cz> ---
I am not sure if we should fix that by removing that assert or refactoring
code. That assertion is false because we do the following:

value = pattern ? __strdup (pattern) : pattern;
free_value = 1;

* [Bug libc/18099] a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
From: fweimer at redhat dot com @ 2015-07-21 10:39 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18099

--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Florian Weimer from comment #1)
> Reachable even with WRDE_NOCMD, so this is a security issue in builds with
> asserts enabled (which we support).

This is incorrect because wordexp is inherently DoS-prone with crafted
patterns.

* [Bug glob/18099] a.out: wordexp.c:1937: parse_param: Assertion `value != ((void *)0)' failed.
From: jsm28 at gcc dot gnu.org @ 2015-08-27 22:26 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=18099

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |glob

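Comments #1 and #3 both turn on what a crafted string can do to the process that calls wordexp(): abort it through a failed assertion, or otherwise deny service. The C sketch below is an added example, not part of the thread or of glibc; it runs the expansion in a forked child so that a signal death is reported to the caller instead of ending it. The names run_isolated, expand_worker and aborting_worker and the 5-second limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <wordexp.h>

enum iso_result { ISO_OK, ISO_REJECTED, ISO_CRASHED, ISO_ERROR };
typedef int (*worker_fn)(const char *input); /* 0 = success */

/* Expands the string with command substitution disabled (WRDE_NOCMD). */
static int expand_worker(const char *input) {
  wordexp_t w;
  if (wordexp(input, &w, WRDE_NOCMD) != 0)
    return 1;
  wordfree(&w);
  return 0;
}

/* Constructed stand-in for a failed assert() inside the library. */
static int aborting_worker(const char *input) {
  (void)input;
  abort();
}

/* Run fn(input) in a forked child. Death by signal (SIGABRT from an
   assertion, SIGALRM from the time limit, ...) becomes ISO_CRASHED
   in the parent, which keeps running. */
static enum iso_result run_isolated(worker_fn fn, const char *input) {
  pid_t pid = fork();
  if (pid < 0)
    return ISO_ERROR;
  if (pid == 0) {
    alarm(5); /* assumed limit; SIGALRM's default action ends the child */
    _exit(fn(input) == 0 ? 0 : 1);
  }
  int status;
  if (waitpid(pid, &status, 0) < 0)
    return ISO_ERROR;
  if (WIFSIGNALED(status))
    return ISO_CRASHED;
  return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? ISO_OK : ISO_REJECTED;
}

int main(void) {
  /* Pattern from the report; the outcome depends on the installed glibc. */
  enum iso_result real = run_isolated(expand_worker, "*??\\\\/::${#r-}");
  enum iso_result sim = run_isolated(aborting_worker, "");
  printf("report pattern: %d, simulated abort: %d\n", real, sim);
  return 0;
}
```

Only the status is passed back here; a caller that needs the expanded words would have the child write them to a pipe before exiting.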