Bug#366694: marked as done (libc6: regerror.3 calls abort when given a bad argument)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 11 May 2006 00:57:52 +0200
with message-id <20060510225752.GC5531@linuxfr.org>
and subject line Bug#366694: libc6: regerror.3 calls abort when given a bad argument
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: libc6: regerror.3 calls abort when given a bad argument
• From: Justin Pryzby <justinpryzby@users.sourceforge.net>
• Date: Wed, 10 May 2006 09:02:50 -0400
• Message-id: <[🔎] 20060510130250.GG21065@andromeda>

Package: libc6
Version: 2.3.6-7
Severity: normal

The following causes a program to abort():

	regerror(ret, NULL, NULL, 0);

AFAIK this is wrong, since regerror() is exported.  It should detect
invalid values for "preg" (such as NULL, which could actually be a
compile-time check, __attribute__((not_null)) or whatever), and return
some special value if possible (doh, its a size_t ..) and perhaps set
errno=EINVAL (is this a case of "checking errno is mandatory"?).

#2  0xb7ebd9d8 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0xb7f2cabc in __regerror (errcode=-1208283148, preg=0x0, errbuf=0x0, 
    errbuf_size=0) at regcomp.c:549

--- End Message ---

--- Begin Message ---

• To: Justin Pryzby <justinpryzby@users.sourceforge.net>, 366694-done@bugs.debian.org
• Subject: Re: Bug#366694: libc6: regerror.3 calls abort when given a bad argument
• From: Denis Barbier <barbier@linuxfr.org>
• Date: Thu, 11 May 2006 00:57:52 +0200
• Message-id: <20060510225752.GC5531@linuxfr.org>
• In-reply-to: <[🔎] 20060510130250.GG21065@andromeda>
• References: <[🔎] 20060510130250.GG21065@andromeda>

On Wed, May 10, 2006 at 09:02:50AM -0400, Justin Pryzby wrote:
> Package: libc6
> Version: 2.3.6-7
> Severity: normal
> 
> The following causes a program to abort():
> 
> 	regerror(ret, NULL, NULL, 0);
> 
> AFAIK this is wrong, since regerror() is exported.  It should detect
> invalid values for "preg" (such as NULL, which could actually be a
> compile-time check, __attribute__((not_null)) or whatever), and return
> some special value if possible (doh, its a size_t ..) and perhaps set
> errno=EINVAL (is this a case of "checking errno is mandatory"?).
> 
> #2  0xb7ebd9d8 in *__GI_abort () at ../sysdeps/generic/abort.c:88
> #3  0xb7f2cabc in __regerror (errcode=-1208283148, preg=0x0, errbuf=0x0, 
>     errbuf_size=0) at regcomp.c:549

See regcomp.c:
===============================================================
   size_t
   regerror (errcode, preg, errbuf, errbuf_size)
       int errcode;
       const regex_t *preg;
       char *errbuf;
       size_t errbuf_size;
   {
     const char *msg;
     size_t msg_size;
   
     if (BE (errcode < 0
   	  || errcode >= (int) (sizeof (__re_error_msgid_idx)
   			       / sizeof (__re_error_msgid_idx[0])), 0))
       /* Only error codes returned by the rest of the code should be passed
          to this routine.  If we are given anything else, or if other regex
          code generates an invalid error code, then the program has a bug.
          Dump core so we can fix it.  */
       abort ();
===============================================================

Your errcode has an invalid value, you have to check why.

Denis

--- End Message ---