This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/18096] null deref in wordexp/parse_dollars/parse_arith


https://sourceware.org/bugzilla/show_bug.cgi?id=18096

--- Comment #2 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
One more case: 

  char *p = strdup("[a:*${C?}");

==3359==    at 0x4F1EF33: parse_param (wordexp.c:1843)
==3359==    by 0x4F1EF33: parse_dollars (wordexp.c:2102)
==3359==    by 0x4F20598: parse_glob (wordexp.c:490)
==3359==    by 0x4F20598: wordexp (wordexp.c:2416)

This time, the bug is here: 
@@ -1841,7 +1841,7 @@ envsubst:
            {
              const char *str = pattern;

-             if (str[0] == '\0')
+             if (str && str[0] == '\0')
                str = _("parameter null or not set");

              __fxprintf (NULL, "%s: %s\n", env, str);


An interesting side question: is wordexp supposed to print anything?

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]