This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/20342] New: getopt_long sets optind incorrectly when -W is ambiguous
- From: "kevin at kevinlocke dot name" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 09 Jul 2016 05:46:28 +0000
- Subject: [Bug libc/20342] New: getopt_long sets optind incorrectly when -W is ambiguous
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20342
Bug ID: 20342
Summary: getopt_long sets optind incorrectly when -W is ambiguous
Product: glibc
Version: 2.25
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: kevin at kevinlocke dot name
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Created attachment 9382
--> https://sourceware.org/bugzilla/attachment.cgi?id=9382&action=edit
Trivial patch to remove unnecessary increment of optind
When the argument to -W for "W;" (which causes -W opt to be treated like --opt)
could match multiple long option names, optind is incremented beyond the
ambiguous argument (and beyond argc if the ambiguous argument is the last
argument). This can cause incorrect behavior, including SIGSEGV due to
out-of-bounds access of argv if getopt_long is called again. The issue occurs
both when the optarg for -W is part of the same argument ("-Wopt") and when it
is a separate argument ("-W" "opt").

The issue appears to be present since the initial commit with -W support
(11336c), although I have not confirmed this is the case due to the difficulty
of building such an old version. I suspect there aren't many users of this
feature, which has allowed the issue to escape detection. The risk of fixing
it should be low.

The most obvious fix is to simply remove d->optind++ from posix/getopt.c:993.
I've attached a patch which does this along with test cases to demonstrate the
issue.

Thanks for considering,
Kevin
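
A caller-side guard for the condition reported above, as an added example that is not part of the bug report or its attached patch: it parses with "W;" and stops as soon as optind exceeds argc, so getopt_long is never re-entered with an out-of-range index. The wrapper name `parse_guarded`, the option names `foo1`/`foo2` and the sample argv arrays are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>

/* Constructed option table: "foo" is a prefix of both names, so it is ambiguous. */
static const struct option longopts[] = {
    {"foo1", no_argument, NULL, 1},
    {"foo2", no_argument, NULL, 2},
    {NULL, 0, NULL, 0}
};

struct parse_result {
    int errors;   /* number of '?' returns from getopt_long */
    int overrun;  /* 1 if getopt_long left optind > argc */
    int next;     /* index of first unparsed argument, clamped to argc */
};

/* Hypothetical wrapper: parse with "W;" and stop once optind leaves the
   valid range, instead of calling getopt_long again. */
struct parse_result parse_guarded(int argc, char **argv)
{
    struct parse_result r = {0, 0, 0};
    int c;

    optind = 0;  /* 0 makes glibc reinitialise its scanner state */
    opterr = 0;  /* keep the library's own diagnostics quiet */
    while ((c = getopt_long(argc, argv, "W;", longopts, NULL)) != -1) {
        if (c == '?')
            r.errors++;
        if (optind > argc) {  /* the state this report describes */
            r.overrun = 1;
            break;            /* another call would index past argv */
        }
    }
    r.next = optind > argc ? argc : optind;
    return r;
}

int main(void)
{
    char *separate[] = {"prog", "-W", "foo", NULL};  /* constructed argv */
    char *joined[] = {"prog", "-Wfoo", NULL};        /* constructed argv */
    struct parse_result a = parse_guarded(3, separate);
    struct parse_result b = parse_guarded(2, joined);

    printf("separate: errors=%d overrun=%d next=%d\n", a.errors, a.overrun, a.next);
    printf("joined:   errors=%d overrun=%d next=%d\n", b.errors, b.overrun, b.next);
    return 0;
}
```

The `overrun` field is 1 only on a glibc build that still has the extra increment; `errors` and `next` are the same either way.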