[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#369255: libc6: inconsistent argp_parse environment variables can cause crashes

Package: libc6
Version: 2.3.6-7
Severity: normal

$ ARGP_HELP_FMT=rmargin=29 tar --h |wc -l; echo $PIPESTATUS    

$ dpkg-query -W tar
tar     1.15.1dfsg-3

My argp manpage (a work-in-progress) reads:

The column in which options' documentation is printed is set to
.IR n; default: 29.

Presumably, inconsistent options should generate a diagnostic message,
and the manually-set inconsistent parts should be either ignored, or
clipped to the nearest inconsistent value.  Strangely, this is what
happened when I tried an SGID program which uses argp:

ARGP_HELP_FMT=rmargin=29 /usr/bin/dotlock.mailutils --h
dotlock.mailutils: ARGP_HELP_FMT: rmargin value is less then or equal to opt-doc-col

So it seems that a better argp parameter range checking is compiled
into mailutils:

Breakpoint 2, 0xb7f94496 in argp_parse () from /usr/lib/libmailutils.so.1

$ dpkg-query -W mailutils
mailutils       1:0.6.93-3

I don't see any reason for mailutils to be compiled with
--with-included-argp, either (or for autofoo to fail to recognize that
libc includes argp, if that's the cause).

Reply to: