Bug 189545 - legal argp() arg_option keys (ints) can cause segfaults
legal argp() arg_option keys (ints) can cause segfaults
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-20 17:39 EDT by paul.knowles
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.4.90-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-25 11:29:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description paul.knowles 2006-04-20 17:39:13 EDT
Description of problem: argp() relies on broken library functions
 to test the integer argp_option.key parameter.  If that int falls
 outside of the testable parameters of isprint(), the program will
 segfault.

Version-Release number of selected component (if applicable):

How reproducible:  every time

Steps to Reproduce:
1. compile a program using argp() argument parsing,
  use as keys valid ints which the isprint() function cannot digest.
  
Actual results: seg fault on startup.
Expected results: correct running program

Additional info:

See FC5 bug 189525 for a discussion of how the badly defined 
C99 spec lets isprint(int) legally segfault for valid ints 
that fall outside of the range representable via unsigned char.

Unfortunately, the argp_option structure contains:
`int key'
          The integer key provided by the current option to the option
          parser.  If KEY has a value that is a printable ASCII
          character (i.e., `isascii (KEY)' is true), it _also_
          specifies a short option `-CHAR', where CHAR is the ASCII
          character with the code KEY.
The value of key is tested by isprint(), not isascii().  Legal values 
of the key can thus cause the program to segfault.  

Either the documentation for argp needs to be updated, or the argp() 
parsing  function should check the key before passing it to isprint().
As per the spec: `` int isalnum(int c); ... The c argument is an int, 
the value of which the application shall ensure is representable as 
an unsigned char or equal to the value of the macro EOF. If the argument
has any other value, the behavior is undefined.''  

The argp() function does not ensure the representability of its key as an
`unsigned char or ... EOF' before calling isprint().  The documentation 
does not demand that the argp() caller perform that check.  This is a bug.
Comment 1 paul.knowles 2006-04-21 08:17:21 EDT
Helpful comments from the gnu-lib mailing list 
have pointed out that this bug was fixed in argp.h
in july of last year.

the change in argp.h is basically:

       int __key = __opt->key;
-      return __key > 0 && isprint (__key);
+      return __key > 0 && __key <= UCHAR_MAX && isprint (__key);

can this be pushed into FC glibc please...
Comment 2 Jakub Jelinek 2006-04-25 11:29:58 EDT
Should be fixed in glibc-2.4.90-1 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.