This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug nis/20978] New: strlen on null pointer on nss_nisplus


https://sourceware.org/bugzilla/show_bug.cgi?id=20978

            Bug ID: 20978
           Summary: strlen on null pointer on nss_nisplus
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nis
          Assignee: unassigned at sourceware dot org
          Reporter: jsm28 at gcc dot gnu.org
                CC: kukuk at suse dot de
  Target Milestone: ---

glibc currently fails to build with mainline GCC with an error:

nss_nisplus/nisplus-alias.c: In function '_nss_nisplus_getaliasbyname_r':
nss_nisplus/nisplus-alias.c:303:39: error: '%s' directive argument is null [-Werror=format-length=]
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, tablename_val);
                                       ^~
nss_nisplus/nisplus-alias.c:300:12: error: argument 1 null where non-null expected [-Werror=nonnull]
   char buf[strlen (name) + 9 + tablename_len];
            ^~~~~~~~~~~~~
In file included from ../include/string.h:54:0,
                 from ../sysdeps/generic/hp-timing-common.h:40,
                 from ../sysdeps/x86_64/hp-timing.h:38,
                 from ../include/libc-internal.h:7,
                 from ../sysdeps/x86_64/nptl/tls.h:29,
                 from ../sysdeps/x86_64/atomic-machine.h:20,
                 from ../include/atomic.h:50,
                 from nss_nisplus/nisplus-alias.c:19:
../string/string.h:394:15: note: in a call to function 'strlen' declared here
 extern size_t strlen (const char *__s)
               ^~~~~~

This error appears correct.  The code in question looks like:

  if (name != NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char buf[strlen (name) + 9 + tablename_len];

That is, the strlen call is only ever reached if name is a NULL pointer.  I
don't know what's actually intended (a comparison == NULL instead of != NULL?),
but the code as written is nonsensical.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
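
Added example, not part of the original report and not glibc's code: a stand-alone version of the guard and query formatting discussed above, assuming the check was meant to be "== NULL" (the reporter's guess, not a confirmed fix). The function name, the status enum, the caller-supplied buffer used in place of the variable-length array, and the sample table name are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the NSS status values; not glibc's own enum. */
enum status { STATUS_TRYAGAIN = -2, STATUS_UNAVAIL = -1, STATUS_SUCCESS = 1 };

/* Build "[name=<name>],<table>" into out, which holds outlen bytes.
   Assumption: the guard was meant to reject a NULL name ("== NULL").
   With "!= NULL", as quoted in the report, every valid name returns
   early and strlen (name) is reached only when name is NULL.  */
static enum status
build_alias_query (const char *name, const char *table,
                   char *out, size_t outlen, int *errnop)
{
  if (name == NULL || table == NULL)
    {
      *errnop = EINVAL;
      return STATUS_UNAVAIL;
    }

  /* "[name=" is 6 bytes, "]," is 2 and the NUL is 1: the "+ 9".  */
  size_t need = strlen (name) + 9 + strlen (table);
  if (need > outlen)
    {
      *errnop = ERANGE;
      return STATUS_TRYAGAIN;
    }

  snprintf (out, outlen, "[name=%s],%s", name, table);
  return STATUS_SUCCESS;
}

int
main (void)
{
  char buf[64];
  int err = 0;
  /* Constructed sample inputs.  */
  enum status s = build_alias_query ("root", "aliases.example", buf, sizeof buf, &err);
  printf ("%d %s\n", s, s == STATUS_SUCCESS ? buf : "(none)");
  s = build_alias_query (NULL, "aliases.example", buf, sizeof buf, &err);
  printf ("%d errno=%d\n", s, err);
  return 0;
}
```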