From: "me at duckie dot co"
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/28038] New: getdelim()/getline() does not add NUL terminator if first character is EOF.
Date: Wed, 30 Jun 2021 21:43:15 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28038

Bug ID: 28038
Summary: getdelim()/getline() does not add NUL terminator if first character is EOF.
Product: glibc
Version: 2.28
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: stdio
Assignee: unassigned at sourceware dot org
Reporter: me at duckie dot co
Target Milestone: ---

Created attachment 13520
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13520&action=edit
Testcase (run with: printf '' | valgrind ./testcase)

According to IEEE Std 1003.1-2017 (
https://pubs.opengroup.org/onlinepubs/9699919799/functions/getdelim.html ):

> The characters read, including any delimiter, shall be stored in the object,
> and a terminating NUL added when the delimiter or end-of-file is encountered.

However, if the first character is an end-of-file, the first character of the
line should be a NUL -- instead, it's uninitialized.

Looking at the source, it appears this is still a problem:
https://sourceware.org/git/?p=glibc.git;a=blob;f=libio/iogetdelim.c;hb=HEAD

I have attached a testcase. If you compile the testcase (gcc -Wall -Werror
-pedantic testcase.c -o testcase), then do `printf '' | valgrind
--track-origins=yes ./testcase`, you get the following:

puppy@cerberus:~/boreutils$ printf '' | valgrind --track-origins=yes ./testcase
==2904== Memcheck, a memory error detector
==2904== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2904== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==2904== Command: ./testcase
==2904==
bytes_read = -1, line = '77709376'
==2904== Conditional jump or move depends on uninitialised value(s)
==2904==    at 0x4838C65: strlen (vg_replace_strmem.c:460)
==2904==    by 0x48A99EE: vfprintf (vfprintf.c:1638)
==2904==    by 0x48B0605: printf (printf.c:33)
==2904==    by 0x4011CE: main (in /home/puppy/boreutils/testcase)
==2904==  Uninitialised value was created by a heap allocation
==2904==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==2904==    by 0x48C8C2E: getdelim (iogetdelim.c:62)
==2904==    by 0x401183: main (in /home/puppy/boreutils/testcase)
==2904==
> (bytes_read == -1 && line != NULL): ''
==2904==
==2904== HEAP SUMMARY:
==2904==     in use at exit: 0 bytes in 0 blocks
==2904==   total heap usage: 3 allocs, 3 frees, 5,240 bytes allocated
==2904==
==2904== All heap blocks were freed -- no leaks are possible
==2904==
==2904== For counts of detected and suppressed errors, rerun with: -v
==2904== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
puppy@cerberus:~/boreutils$
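Added example, not part of the original report and not glibc code: a caller-side guard for the case described above, where getline() returns -1 at immediate end-of-file and the buffer has no terminator. The names getline_terminated and len_after_first_read, the 16-byte pre-filled buffer and the temporary-file input are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* exposes getline() and ssize_t */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: after it returns, *line (if non-NULL) is always a
 * valid C string, even when getline() fails without writing a NUL. */
static ssize_t getline_terminated(char **line, size_t *cap, FILE *fp)
{
    ssize_t n = getline(line, cap, fp);
    if (n < 0 && *line != NULL && *cap > 0)
        (*line)[0] = '\0'; /* buffer may lack a terminator on failure */
    return n;
}

/* Reads the first line of `text` (constructed input, staged in a temporary
 * file) into a buffer pre-filled with 16 non-NUL bytes. Returns strlen() of
 * the buffer afterwards, or -1 if setup failed. */
static long len_after_first_read(const char *text)
{
    FILE *fp = tmpfile();
    size_t cap = 16;
    char *line = malloc(cap);
    long len = -1;
    if (fp != NULL && line != NULL) {
        fputs(text, fp);
        rewind(fp);
        memset(line, 'A', cap); /* no terminator anywhere in the buffer */
        getline_terminated(&line, &cap, fp);
        len = (long)strlen(line);
    }
    free(line);
    if (fp != NULL)
        fclose(fp);
    return len;
}

int main(void)
{
    printf("empty input: strlen = %ld\n", len_after_first_read(""));
    printf("\"ab\\ncd\\n\":   strlen = %ld\n", len_after_first_read("ab\ncd\n"));
    return 0;
}
```

Pre-filling the buffer keeps the demonstration free of uninitialised reads while still leaving it unterminated before the call, so the strlen() result depends only on the wrapper and not on which libc version is installed.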