Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5538EC8A.5080206@safe.ca>
Date: Thu, 23 Apr 2015 08:58:50 -0400
From: Jean-Marc Pigeon <jmp@...e.ca>
To: musl@...ts.openwall.com
Subject: Re: setenv if value=NULL, what say standard? Bug?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello...

[..]
>> 
>> As reported, the crashing application is hwclock,
>> (util-linux-2.26), this a kind of code in the field for a very
>> very long time,
> 
> And it either crashes every time it's run (for a given
> configuration, at least) or doesn't. If it does you know during
> early testing rather than letting a bug slip through.
> 
>> so the library (glibc and old libc) used for linux over the years
>> defined an expected behavior to this "UB".
> 
> No, that was merely a bug in glibc, not a feature.

Hmmm... glibc-2.21, setenv.c explicitly check the value NULL
condition, so situation is checked, you could object about
the way program handle it, but it is not a bug (situation
expected and addressed).


> Crashing is inevitable on the vast majority of invalid programs. 
> setenv("TZ", (char *)0xdeadbeef, 1); will almost certainly crash,
> and if it doesn't it will likely do something worse.
Fully agreed, this is pure garbage, out of spec. library
will/must crash (protect the hardware).
> 
>> (:-} why bother to return an error, just crash for all problems
>> in open, close, write, etc. just bringing the crashing concept to
>> the extreme :-}).
> 

> 
> int foo(const char *fn) { char buf[2]; strcpy(buf, "hello world,
> and goodbye");

In perfect world, strcpy should crash on the spot not going further.
this is clearly "out of spec" (a far fetch to be UB).


> int fd = open(fn ? fn : buf, O_RDONLY); return fd < 0 ? -1 : fd; }



- -- 

A bientôt
===========================================================
Jean-Marc Pigeon                        E-Mail: jmp@...e.ca
SAFE Inc.                             Phone: (514) 493-4280
  Clement, 'a kiss solution' to get rid of SPAM (at last)
     Clement' Home base <"http://www.clement.safe.ca">
===========================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJVOOyKAAoJEAtgwJ4bBQU5E4YP/1G+J2vij9VF34tfZycG3iHO
Gs6y2WYsvyVZK66WsnDOOoaBr5h6bJv8pga++6hu/DVPpbXfZpY1ysNKQ63hxP02
1fFA8h1UjDJ4BM/aXHGothjp2kIXVn5CzJKuf2KUrFiR59t9WJu4KDR6/MsbRXTx
MsnOS25x+UCo4yQExemTuANAofdrst5mDyXovBdEaEGuGiTZuZri9NvZ8BZGEd4Y
v8cX/+UyY3X7UrB1+AAXbMEDs+miibXIGBI6EPPme5sDeVTm3V4kmqgdPu3Q+D00
Mgq6D+uj7Y3Wg8yHfzlVw/wZBYh1KGJNjOXJhKjmBvquCa3SQADAWBPc109J1Iip
v6efkBy3b36uWT5xoRtX4Db8+jdUUiVLLj4zRBytgkLokK8imvLlIGa1oBIUYGN8
RzC7Ma0hgHl7Tqxa7awvOfoVgqTWxC6saLmzJ+N8hFy5yg6YJYr+yvLY8fLkRPQM
BdNu/YzwFb1gIKDyq+lPtCjvMZVHpfcZMYorcV22N2zyaW7UTqU7BqRLR2mY/ojh
Nf8mUZNEsfeSNNHANZa5gixXFfDIQ/8zkZbIbY3XItESjdJft0wBmLBk8t0IJ6nO
zexIcNM3NozIZotsL+L47cHoedrYSLp/v2HK5kJ/V638qRGKhxkz9IBbe1UMwOfV
0kG3h7pAHZ5iBchsiQ8G
=yBbf
-----END PGP SIGNATURE-----


Download attachment "smime.p7s" of type "application/pkcs7-signature" (4242 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.