This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/18096] null deref in wordexp/parse_dollars/parse_arith
- From: "konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 09 Mar 2015 18:56:50 +0000
- Subject: [Bug libc/18096] null deref in wordexp/parse_dollars/parse_arith
- Auto-submitted: auto-generated
- References: <bug-18096-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=18096
--- Comment #2 from Kostya Serebryany <konstantin.s.serebryany at gmail dot com> ---
One more case:
char *p = strdup("[a:*${C?}");
==3359== at 0x4F1EF33: parse_param (wordexp.c:1843)
==3359== by 0x4F1EF33: parse_dollars (wordexp.c:2102)
==3359== by 0x4F20598: parse_glob (wordexp.c:490)
==3359== by 0x4F20598: wordexp (wordexp.c:2416)
This time, the bug is here:
@@ -1841,7 +1841,7 @@ envsubst:
{
const char *str = pattern;
- if (str[0] == '\0')
+ if (str && str[0] == '\0')
str = _("parameter null or not set");
__fxprintf (NULL, "%s: %s\n", env, str);
An interesting side question: is wordexp supposed to print anything?
--
You are receiving this mail because:
You are on the CC list for the bug.