This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 16 Apr 2012 10:22:04 +0000
- Subject: [Bug libc/13983] __libc_message() shouldn't blindly write to STDERR_FILENO
- Auto-submitted: auto-generated
- References: <bug-13983-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13983
--- Comment #15 from Rich Felker <bugdal at aerifal dot cx> 2012-04-16 10:22:04 UTC ---
William, you're wrong. Undefined behavior is undefined behavior. A great
example would be if you overflow a buffer on the stack (without fortify) and
overwrite the return value. Now, when your program is run with input from an
attacker, the attacker's shellcode (which is not part of your program) is able
to write to fd #2 all it likes. This does not violate the requirements of POSIX
because undefined behavior is undefined behavior. If you invoke undefined
behavior, ANYTHING can happen. All bets are off. Note that, per the C standard,
undefined behavior is even prescient. It's not just code after the UB is
invoked that can do ANYTHING. Even code that runs conceptually before the UB is
invoked can do anything, provided it can be determined that UB is invoked at
some point in the program.
If you don't like this, you should be programming in Java rather than C.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.