Bug#366694: libc6: regerror.3 calls abort when given a bad argument
On Thu, May 11, 2006 at 12:57:52AM +0200, Denis Barbier wrote:
> On Wed, May 10, 2006 at 09:02:50AM -0400, Justin Pryzby wrote:
> > Package: libc6
> > Version: 2.3.6-7
> > Severity: normal
> >
> > The following causes a program to abort():
> >
> > regerror(ret, NULL, NULL, 0);
> >
> > AFAIK this is wrong, since regerror() is exported. It should detect
> > invalid values for "preg" (such as NULL, which could actually be a
> > compile-time check, __attribute__((not_null)) or whatever), and return
> > some special value if possible (doh, its a size_t ..) and perhaps set
> > errno=EINVAL (is this a case of "checking errno is mandatory"?).
> >
> > #2 0xb7ebd9d8 in *__GI_abort () at ../sysdeps/generic/abort.c:88
> > #3 0xb7f2cabc in __regerror (errcode=-1208283148, preg=0x0, errbuf=0x0,
> > errbuf_size=0) at regcomp.c:549
>
> See regcomp.c:
> ===============================================================
> size_t
> regerror (errcode, preg, errbuf, errbuf_size)
> int errcode;
> const regex_t *preg;
> char *errbuf;
> size_t errbuf_size;
> {
> const char *msg;
> size_t msg_size;
>
> if (BE (errcode < 0
> || errcode >= (int) (sizeof (__re_error_msgid_idx)
> / sizeof (__re_error_msgid_idx[0])), 0))
> /* Only error codes returned by the rest of the code should be passed
> to this routine. If we are given anything else, or if other regex
> code generates an invalid error code, then the program has a bug.
> Dump core so we can fix it. */
> abort ();
> ===============================================================
>
> Your errcode has an invalid value, you have to check why.
I know; in fact, it is because I was using rpmatch(), which doesn't
expose the necessary information. My complaint isn't that regerror()
fails, but that it calls abort, when it could simply return indicating
an invalid input.
Justin
Reply to: