This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: Paul Eggert <eggert at cs dot ucla dot edu>, libc-alpha at sourceware dot org
- Date: Thu, 25 Feb 2016 10:10:43 -0300
- Subject: Re: [PATCH 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- Authentication-results: sourceware.org; auth=none
- References: <1456146172-12850-1-git-send-email-adhemerval dot zanella at linaro dot org> <1456146172-12850-2-git-send-email-adhemerval dot zanella at linaro dot org> <56CEACFF dot 7010805 at cs dot ucla dot edu>
On 25-02-2016 04:27, Paul Eggert wrote:
> Adhemerval Zanella wrote:
>> + int argc;
>> + va_list ap;
>> + va_start (ap, arg);
>> + for (argc = 1; va_arg (ap, const char *); argc++)
>> + continue;
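Review bot: `argc` is declared `int`, so the `argc++` in the counting loop overflows a signed counter (undefined behaviour) once more than INT_MAX strings precede the terminating NULL; count with a `size_t` (or test `argc == INT_MAX` before incrementing) and fail with an errno such as E2BIG or ENOMEM instead of letting the count wrap, since `argc` is what sizes argv afterwards. The quoted lines also show `va_start (ap, arg)` without a matching `va_end (ap)`; make sure the full patch pairs them before the second pass over the arguments.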
>
> With my "no arbitrary limits" hat on, I noticed that this has undefined behavior if more than INT_MAX arguments are passed to execl. The existing code is no saint in this area (it messes up badly if more than UINT_MAX args are passed), but the new code should not make things worse, and we might as well fix the UINT_MAX bug while we're at it.
>
AFAIK the C standard defines the main entry point argc as signed int, so
I think it is indeed undefined behaviour if you intend to call a program
with more than INT_MAX arguments.
> Attached please find a contrived test case illustrating the bug on x86-64. This test succeeds on x86-64 now (in that the program prints "execl: Cannot allocate memory" and exits with status 0) but could crash with the proposed patch. Perhaps you can add this to the glibc test cases while you're at it.
>
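To make the overflow point concrete, here is an added example (it is not code from this thread, from the patch under review, or from glibc) of counting an execl-style argument list with a size_t counter that is checked against an explicit limit before every increment, then building argv on the stack in a second pass without malloc. The helper names, the `limit` parameter, and the choice of E2BIG (the existing glibc code mentioned above reports ENOMEM) are this example's own assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* First pass: count ARG plus every following variadic string up to,
   but not including, the terminating NULL.  The counter is a size_t
   compared against LIMIT before each increment, so it can never wrap;
   a list longer than LIMIT returns -1 with errno = E2BIG.  LIMIT is
   clamped to INT_MAX so the result always fits an int (the type argc
   has in main).  Hypothetical helper written for this example.  */
static int
count_execl_args_v (size_t limit, const char *arg, va_list ap)
{
  size_t argc = 1;                      /* ARG itself, as execl does.  */
  (void) arg;
  if (limit > INT_MAX)
    limit = INT_MAX;
  while (va_arg (ap, const char *) != NULL)
    {
      if (argc >= limit)                /* argc + 1 would exceed LIMIT.  */
        {
          errno = E2BIG;
          return -1;
        }
      argc++;
    }
  return (int) argc;                    /* argc <= limit <= INT_MAX.  */
}

/* Second pass: copy the pointers into a caller-supplied array of at
   least ARGC + 1 entries and NULL-terminate it.  Example helper.  */
static void
fill_argv (const char *argv_out[], size_t argc, const char *arg, va_list ap)
{
  argv_out[0] = arg;
  for (size_t i = 1; i < argc; i++)
    argv_out[i] = va_arg (ap, const char *);
  argv_out[argc] = NULL;
}

/* Demonstration driver: build argv in a stack VLA sized from the first
   pass and write the arguments space-separated into BUF so the result
   can be inspected (a real execl replacement would call execve instead).
   Returns argc, or -1 with errno set.  Note that a VLA of anything near
   INT_MAX pointers would exhaust the stack, so a production limit should
   be far lower than INT_MAX (this example's view, not the patch's).  */
static int
execl_args_to_string (char *buf, size_t bufsz, size_t limit,
                      const char *arg, ...)
{
  va_list ap;
  va_start (ap, arg);
  int argc = count_execl_args_v (limit, arg, ap);
  va_end (ap);
  if (argc < 0)
    return -1;

  const char *argv[argc + 1];           /* no malloc; size bounded by LIMIT */
  va_start (ap, arg);
  fill_argv (argv, (size_t) argc, arg, ap);
  va_end (ap);

  size_t off = 0;
  for (int i = 0; argv[i] != NULL; i++)
    {
      int n = snprintf (buf + off, bufsz - off, "%s%s", i ? " " : "", argv[i]);
      if (n < 0 || (size_t) n >= bufsz - off)
        {
          errno = ERANGE;               /* output buffer too small */
          return -1;
        }
      off += (size_t) n;
    }
  return argc;
}

int
main (void)
{
  char buf[128];
  /* Constructed sample calls (not taken from the thread).  */
  int n = execl_args_to_string (buf, sizeof buf, INT_MAX,
                                "/bin/echo", "hello", "world", (char *) NULL);
  printf ("argc=%d argv=\"%s\"\n", n, buf);

  n = execl_args_to_string (buf, sizeof buf, 2, "a", "b", "c", (char *) NULL);
  if (n < 0)
    perror ("limit 2 with three arguments");
  return 0;
}
```

The limit check happens before the increment, so the counter never holds a value above `limit`, and the cast back to `int` is safe only because `limit` is clamped to INT_MAX; drop either half and the undefined behaviour Paul describes comes back.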