wcstok(3) code sample

wcstok(3) code sample

[Stefan Kanthak]

Hi,

the examples section of wcstok(3) shows the following code
which exhibits undefined behaviour and typically segfaults:

<https://man7.org/linux/man-pages/man3/wcstok.3.html#EXAMPLES>

|  wchar_t *wcs = ...;
|  wchar_t *token;
|  wchar_t *state;
|  for (token = wcstok(wcs, " \t\n", &state);
|       token != NULL;
|       token = wcstok(NULL, " \t\n", &state)) {
|       ...
|  }

The string literal pointed to by wcs is read-only, and an
attempt to modify a string literal results in undefined
behaviour; wcstok() but writes NULs into its input string.

FIX: replace the first line with either

|  wchar_t *wcs = strdup(...);

     or

|  wchar_t wcs[] = ...;

regards
Stefan

Re: wcstok(3) code sample

[Jakub Wilk]

* Stefan Kanthak <stefan.kanthak@nexgo.de>, 2021-07-12, 11:07:
>|  wchar_t *wcs = strdup(...);

You meant wcsdup().

-- 
Jakub Wilk

Re: wcstok(3) code sample

[Alejandro Colomar (man-pages)]

Hi Stefan,

On 7/12/21 11:07 AM, Stefan Kanthak wrote:
> Hi,
> 
> the examples section of wcstok(3) shows the following code
> which exhibits undefined behaviour and typically segfaults:
> 
> <https://man7.org/linux/man-pages/man3/wcstok.3.html#EXAMPLES>
> 
> |  wchar_t *wcs = ...;
> |  wchar_t *token;
> |  wchar_t *state;
> |  for (token = wcstok(wcs, " \t\n", &state);
> |       token != NULL;
> |       token = wcstok(NULL, " \t\n", &state)) {
> |       ...
> |  }
> 
> The string literal pointed to by wcs is read-only, and an
> attempt to modify a string literal results in undefined
> behaviour; wcstok() but writes NULs into its input string.
> 
> FIX: replace the first line with either
> 
> |  wchar_t *wcs = strdup(...);
> 
>       or
> 
> |  wchar_t wcs[] = ...;

That code is a bit unfortunate.  It is not a complete program, so it can 
be interpreted in different ways, one of them the one you said, which 
results in UB.

I guess the intent of the code was that wcs was assigned a pointer to a 
wchar_t * (not a literal), and therefore, it would be correct.  The code 
predates version control, so we'll never know...

Would you mind sending a complete example?

Thanks,

Alex

> 
> regards
> Stefan
> 


-- 
Alejandro Colomar
Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/

Re: wcstok(3) code sample

[Stefan Kanthak]

Hi Alex,

you wrote Sunday, July 25, 2021 10:25 PM:

> Hi Stefan,
> 
> On 7/12/21 11:07 AM, Stefan Kanthak wrote:
>> Hi,
>> 
>> the examples section of wcstok(3) shows the following code
>> which exhibits undefined behaviour and typically segfaults:
>> 
>> <https://man7.org/linux/man-pages/man3/wcstok.3.html#EXAMPLES>
>> 
>> |  wchar_t *wcs = ...;
>> |  wchar_t *token;
>> |  wchar_t *state;
>> |  for (token = wcstok(wcs, " \t\n", &state);
>> |       token != NULL;
>> |       token = wcstok(NULL, " \t\n", &state)) {
>> |       ...
>> |  }
>> 
>> The string literal pointed to by wcs is read-only, and an
>> attempt to modify a string literal results in undefined
>> behaviour; wcstok() but writes NULs into its input string.
>> 
>> FIX: replace the first line with either
>> 
>> |  wchar_t *wcs = strdup(...);
>> 
>>       or
>> 
>> |  wchar_t wcs[] = ...;
> 
> That code is a bit unfortunate.

Yes.

> It is not a complete program, so it can be interpreted in different ways,
> one of them the one you said, which results in UB.

Correct: I interpret such snippets in their worst case and notice olny/first
their vulnerabilities or UB.

> I guess the intent of the code was that wcs was assigned a pointer to a 
> wchar_t * (not a literal), and therefore, it would be correct.

Yes.

> The code predates version control, so we'll never know...
> 
> Would you mind sending a complete example?

Just add a comment which tells that the string pointed to by wcs must not
be a literal (or read-only).

|  wchar_t *wcs[] = ...;    // must not point to a literal or read-only memory

regards
Stefan