This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12766] New: SEGV in error_at_line(3)
- From: "yselkowitz at cygwin dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 16 May 2011 01:48:50 +0000
- Subject: [Bug libc/12766] New: SEGV in error_at_line(3)
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12766
Summary: SEGV in error_at_line(3)
Product: glibc
Version: 2.13
Status: NEW
Severity: critical
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: yselkowitz@cygwin.com
Created attachment 5725
--> http://sourceware.org/bugzilla/attachment.cgi?id=5725
sample code
Description of problem:
If error_one_per_line is set to a non-zero value, and error_at_line(3) is
called consecutively with the same lineno, once with a NULL filename and the
other non-NULL (in either order), the program SEGVs. GDB shows the function
uses strcmp(3) without checking for NULL inputs.
Version-Release number of selected component (if applicable):
Fedora 14: glibc-2.13-1.i686
How reproducible:
Always.
Steps to Reproduce:
1. gcc -Wall error-segv.c && ./a.out
Actual results:
./a.out: error_at_line with NULL filename: No such file or directory
Segmentation fault (core dumped)
Program received signal SIGSEGV, Segmentation fault.
__strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
39 L(oop): movb (%ecx), %al
(gdb) bt
#0 __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39
#1 0x0070eea6 in __error_at_line (status=0, errnum=2,
file_name=0x80485b9 "error-segv.c", line_number=10, message=0x8048594 "%s")
at error.c:275
#2 0x080484bf in error_at_line () at /usr/include/bits/error.h:72
#3 main () at error-segv.c:10
Expected results:
Since NULL != __FILE__, the error_one_per_line clause should not be triggered,
and output should be generated.
Additional info:
Neither http://www.gnu.org/s/libc/manual/html_node/Error-Messages.html nor
http://www.kernel.org/doc/man-pages/online/pages/man3/error.3.html give any
indication that filename cannot be NULL; my tests show that without setting
error_one_per_line, or even set with two consecutive NULL filenames, it works
fine.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.