bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

glob() undefined sanitizer triggers


From: Tim Rühsen
Subject: glob() undefined sanitizer triggers
Date: Wed, 18 Oct 2017 17:13:05 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Hi,

my fuzzer prints:

glob.c:826:37: runtime error: null pointer passed as argument 2, which
is declared to never be null
/usr/include/string.h:388:14: note: nonnull attribute specified here
    #0 0x552b1e in rpl_glob /usr/oms/src/wget2/lib/glob.c:825:28
    #1 0x5f0925 in wget_strnglob /usr/oms/src/wget2/libwget/utils.c:386:6
    #2 0x5208dd in _shell_expand /usr/oms/src/wget2/src/options.c:214:18
    #3 0x527f7c in parse_stats /usr/oms/src/wget2/src/options.c:675:15
    #4 0x51a288 in set_long_option /usr/oms/src/wget2/src/options.c:1927:12
    #5 0x5215a5 in _read_config /usr/oms/src/wget2/src/options.c:2102:14
    #6 0x5219f3 in _read_config /usr/oms/src/wget2/src/options.c:2042:12
    #7 0x51c4b3 in read_config /usr/oms/src/wget2/src/options.c:2134:9
    #8 0x517c5f in init /usr/oms/src/wget2/src/options.c:2353:2

here, lib/glob.c, L825+826:

                *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
                                    end_name, rest_len)) = '\0';

My call to glob() is
  glob(globstr, GLOB_TILDE|GLOB_ONLYDIR|GLOB_NOCHECK, NULL, &pglob)

where globstr != NULL but might be an empty string (if needed, I can
check that tomorrow. Let me know.).


With Best Regards, Tim


Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]