From: He X <xw897002528@gmail.com>
To: Bruno Haible <bruno@clisp.org>
Cc: bug-gnulib@gnu.org
Subject: Re: argp: pass NULL as msgid to dgettext without checks
Date: Sun, 6 Jan 2019 10:05:54 +0800 [thread overview]
Message-ID: <CAPG2z09unOA2L7qQvRriRgc4r2GJR0FR0UwxSaOoYVzpT9_eEA@mail.gmail.com> (raw)
In-Reply-To: <7163131.8dJE6gJv60@omega>
[-- Attachment #1: Type: text/plain, Size: 6737 bytes --]
prove that man-db and tar works(which used to segfault). hope builtin argp
could be updated soon. i will report if i met another NULL pointer case.
thanks for your work! :)
Bruno Haible <bruno@clisp.org> 于2019年1月6日周日 上午12:17写道:
> He X wrote:
> > > The msgid argument is a null-terminated string.
> >
> > problem is that msgid is a empty pointer, not a pointer to a
> > NULL-terminated string.
> >
> > full backtrace:
> >
> > ```
> > #0 0x00007ffff7fab65d in strcmp (l=0x0, r=0x7ffff7eff7df "Packaged by
> > %s\n") at src/string/strcmp.c:5
> > #1 0x00007ffff7f51351 in __mo_lookup (p=0x7ffff7efa000, size=55838,
> s=0x0)
> > at src/locale/__mo_lookup.c:25
> > #2 0x00007ffff7f51e14 in dcngettext (domainname=0x7ffff7ffe320 "tar",
> > msgid1=0x0, msgid2=0x0, n=1, category=5) at src/locale/dcngettext.c:211
> > #3 0x00007ffff7f52204 in dgettext (domainname=0x0, msgid=0x0) at
> > src/locale/dcngettext.c:271
> > #4 0x000055555558a63c in argp_args_usage (argp=argp@entry
> =0x7fffffffe740,
> > state=state@entry=0x7fffffffe8f0, levels=levels@entry=0x7fffffffe690,
> > advance=advance@entry=1, stream=stream@entry=0x5555555c5e20) at
> > argp-help.c:1415
> > #5 0x000055555558bcdd in _help (argp=0x7fffffffe740,
> > state=state@entry=0x7fffffffe8f0,
> > stream=0x7ffff7ffb2a0 <f>, flags=flags@entry=634,
> > name=0x7fffffffed94 "tar") at argp-help.c:1640
> > #6 0x000055555558ca08 in argp_state_help (state=state@entry
> =0x7fffffffe8f0,
> > stream=<optimized out>, flags=flags@entry=634) at argp-help.c:1741
> > #7 0x000055555558d088 in argp_default_parser (key=<optimized out>,
> > arg=<optimized out>, state=0x7fffffffe8f0) at argp-parse.c:96
> > #8 0x000055555558df89 in group_parse (arg=<optimized out>, key=63,
> > state=0x7fffffffe8f0, group=0x5555555c40b0) at argp-parse.c:234
> > #9 parser_parse_opt (val=<optimized out>, opt=50331711,
> > parser=0x7fffffffe880) at argp-parse.c:749
> > #10 parser_parse_next (arg_ebadkey=<synthetic pointer>,
> > parser=0x7fffffffe880) at argp-parse.c:860
> > #11 argp_parse (argp=<optimized out>, argc=2, argv=<optimized out>,
> > flags=<optimized out>, end_index=0x7fffffffe9f0, input=0x5555555c3500
> > <args>)
> > at argp-parse.c:928
> > #12 0x000055555555d3b7 in decode_options (argv=0x7fffffffeb58, argc=2) at
> > tar.c:2312
> > #13 main (argc=<optimized out>, argv=<optimized out>) at tar.c:2698
> > ```
>
> Thank you! With this stack trace, I'm fixing the issue as follows:
>
>
> 2019-01-05 Bruno Haible <bruno@clisp.org>
>
> argp: Don't pass an invalid argument to dgettext().
> Reported by He X <xw897002528@gmail.com>.
> * lib/argp.h (struct argp): Clarify that the args_doc field may be
> NULL.
> * lib/argp-help.c (argp_args_usage): Don't pass a NULL args_doc to
> dgettext().
>
> diff --git a/lib/argp.h b/lib/argp.h
> index 317ac03..7aba887 100644
> --- a/lib/argp.h
> +++ b/lib/argp.h
> @@ -69,6 +69,9 @@ typedef int error_t;
> extern "C" {
> #endif
>
> +/* Glibc documentation:
> + https://www.gnu.org/software/libc/manual/html_node/Argp.html */
> +
> /* A description of a particular option. A pointer to an array of
> these is passed in the OPTIONS field of an argp structure. Each option
> entry can correspond to one long option and/or one short option; more
> @@ -236,9 +239,9 @@ struct argp
> ARGP_KEY_ definitions below. */
> argp_parser_t parser;
>
> - /* A string describing what other arguments are wanted by this
> program. It
> - is only used by argp_usage to print the "Usage:" message. If it
> - contains newlines, the strings separated by them are considered
> + /* If non-NULL, a string describing what other arguments are wanted by
> this
> + program. It is only used by argp_usage to print the "Usage:"
> message.
> + If it contains newlines, the strings separated by them are considered
> alternative usage patterns, and printed on separate lines (lines
> after
> the first are prefix by " or: " instead of "Usage:"). */
> const char *args_doc;
> diff --git a/lib/argp-help.c b/lib/argp-help.c
> index e5375a0..e5e97ec 100644
> --- a/lib/argp-help.c
> +++ b/lib/argp-help.c
> @@ -1412,8 +1412,10 @@ argp_args_usage (const struct argp *argp, const
> struct argp_state *state,
> char *our_level = *levels;
> int multiple = 0;
> const struct argp_child *child = argp->children;
> - const char *tdoc = dgettext (argp->argp_domain, argp->args_doc), *nl =
> 0;
> + const char *tdoc =
> + argp->args_doc ? dgettext (argp->argp_domain, argp->args_doc) : NULL;
> const char *fdoc = filter_doc (tdoc, ARGP_KEY_HELP_ARGS_DOC, argp,
> state);
> + const char *nl = NULL;
>
> if (fdoc)
> {
>
>
> > you could see that from #3, msgid is 0x0.
> >
> > > I don't see which dgettext invocation in argp-help.c is the one that
> > needs the
> > NULL check.
> >
> > it's not one but multiple. argp->doc[argp_doc()], and
> > argp->args_doc[argp_args_usage[]) are what i have found . i am not sure
> if
> > there's any other, but i'll give the fix a test and see.
>
> Ah right. The 'doc' field of a 'struct argp' can be NULL as well, this is
> documented in
> https://www.gnu.org/software/libc/manual/html_node/Argp-Parsers.html.
> The 'doc' field in a 'struct argp_option' looks like it can be NULL as
> well,
> see argp-help.c line 1178.
>
>
> 2019-01-05 Bruno Haible <bruno@clisp.org>
>
> argp: Don't pass an invalid argument to dgettext().
> Reported by He X <xw897002528@gmail.com>.
> * lib/argp-help.c (print_header, argp_doc): Don't pass a NULL doc
> to
> dgettext().
>
> diff --git a/lib/argp-help.c b/lib/argp-help.c
> index e5e97ec..75abe84 100644
> --- a/lib/argp-help.c
> +++ b/lib/argp-help.c
> @@ -1021,7 +1021,7 @@ static void
> print_header (const char *str, const struct argp *argp,
> struct pentry_state *pest)
> {
> - const char *tstr = dgettext (argp->argp_domain, str);
> + const char *tstr = str ? dgettext (argp->argp_domain, str) : NULL;
> const char *fstr = filter_doc (tstr, ARGP_KEY_HELP_HEADER, argp,
> pest->state);
>
> if (fstr)
> @@ -1479,7 +1479,7 @@ argp_doc (const struct argp *argp, const struct
> argp_state *state,
> void *input = 0;
> int anything = 0;
> size_t inp_text_limit = 0;
> - const char *doc = dgettext (argp->argp_domain, argp->doc);
> + const char *doc = argp->doc ? dgettext (argp->argp_domain, argp->doc) :
> NULL;
> const struct argp_child *child = argp->children;
>
> if (doc)
>
>
--
Best regards,
xhe
[-- Attachment #2: Type: text/html, Size: 8470 bytes --]
prev parent reply other threads:[~2019-01-06 2:06 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-22 8:06 argp: pass NULL as msgid to dgettext without checks He X
2019-01-05 12:46 ` Bruno Haible
[not found] ` <CAPG2z086RQHgR4RbYKXMm+9MqUHzkSZhim9viCRVJw9LB3i-Bw@mail.gmail.com>
2019-01-05 16:17 ` Bruno Haible
2019-01-06 2:05 ` He X [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPG2z09unOA2L7qQvRriRgc4r2GJR0FR0UwxSaOoYVzpT9_eEA@mail.gmail.com \
--to=xw897002528@gmail.com \
--cc=bruno@clisp.org \
--cc=bug-gnulib@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).