This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] vfprint: validate nargs and argument-based offsets

From: Kees Cook <kees at outflux dot net>
To: Paul Eggert <eggert at cs dot ucla dot edu>
Cc: libc-alpha at sourceware dot org
Date: Fri, 2 Mar 2012 11:53:20 -0800
Subject: Re: [PATCH] vfprint: validate nargs and argument-based offsets
References: <20120302185346.GE3990@outflux.net><4F511B15.6000400@cs.ucla.edu>

Hi Paul,

On Fri, Mar 02, 2012 at 11:10:13AM -0800, Paul Eggert wrote:
> On 03/02/2012 10:53 AM, Kees Cook wrote:
> > +    if (nargs > SIZE_MAX / bytes_per_arg)
> > +      {
> > +         done = -1;
> > +         goto all_done;
> > +      }
> 
> I just noticed: isn't vfprintf supposed to set errno on failure?
> The above code neglects to do that.
> Presumably it should set errno to ENOMEM,
> using __set_errno.

Good point. However, this needs fixing in more places than just the
vfprintf-nargs patch.

Out of about 20 failure conditions, only 3 seem to set errno:

$ grep -B2 'goto all_done' stdio-common/vfprintf.c | grep 'done = -1' | wc -l
23

$ grep -B2 'goto all_done' stdio-common/vfprintf.c | grep 'set_errno' | wc -l
3

Perhaps this could be an additional patch, after vfprintf-nargs is
committed?

-Kees

-- 
Kees Cook                                            @outflux.net

Follow-Ups:
- Re: [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Paul Eggert
- [PATCH] vfprint: add missing errnos
  - From: Kees Cook

References:
- [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Kees Cook
- Re: [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Paul Eggert

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]