This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: A patch for exit.c

To: drepper at cygnus dot com
Subject: Re: A patch for exit.c
From: hjl at lucon dot org (H.J. Lu)
Date: Thu, 25 Nov 1999 10:33:56 -0800 (PST)
Cc: libc-hacker at sourceware dot cygnus dot com

> 
> hjl@lucon.org (H.J. Lu) writes:
> 
> > I only see it under ia64 which is still being worked on. A program
> > like
> 
> If this cannot be reproduced on another architecture this means
> something is wrong in the ia64 port.  If it is a NULL pointer
> dereferencing as you said it should be obvious.  Looking at the code I
> see there is a test for ef_free.  This must be the value of the
> flavour byte if nothing was registered.  So you have a problem
> elsewhere.  By trying to fix the symptoms you don't gain anything, you
> should have learned this meanwhile.
> 

Have you looked

      do
        {
          const struct exit_function *const f =
            &__exit_funcs->fns[--__exit_funcs->idx];
	  .....
	}
      while (__exit_funcs->idx > 0);

What if __exit_funcs->idx is 0? You will get

	f = &__exit_funcs->fns[-1];

What does that give you? Even worse idx is size_t. You get

	f = &__exit_funcs->fns[(size_t) -1];

It is very bad. I don't understand why you think it is ok.


-- 
H.J. Lu (hjl@gnu.org)

References:
- Re: A patch for exit.c
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]