* [patch] strtok.3 add note about glibc-2.25+ segfault for call like strtok_r(NULL,"|",NULL)
From: Marcin Stolarek @ 2020-04-25 12:52 UTC (permalink / raw)
To: mtk.manpages; +Cc: linux-man, wdijkstr
The change in glibc commit d58ab810a6e325cc351684d174c48cabce01bcc1
(author in CC):
From commit description:"[...] Also avoid an unnecessary call to
strcspn after the last token by adding an early exit for an empty
string.[...]"
Important code change:
/* Parse S into tokens separated by characters in DELIM.
@@ -45,11 +41,17 @@
char *
__strtok_r (char *s, const char *delim, char **save_ptr)
{
- char *token;
+ char *end;
if (s == NULL)
s = *save_ptr;
+ if (*s == '\0')
+ {
+ *save_ptr = s;
+ return NULL;
+ }
+
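Review bot: the added check if (*s == '\0') reads through s directly after the context line s = *save_ptr, with no NULL test in between, so a first call with s == NULL and *save_ptr == NULL faults on this new line. A call where save_ptr itself is NULL, as in the subject line, would already fault on the unchanged s = *save_ptr line, so that case is not attributable to this hunk. If a NULL s is meant to be tolerated, the guard would need to be if (s == NULL || *s == '\0'), keeping in mind that *save_ptr = s would then store NULL.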
may result in the mentioned segmentation fault if the char *str passed
to strtok_r is NULL (for the 1st call).
Checked glibc versions:
~/git-repos/glibc:release/2.25/master$ git tag --contain=d58ab810a6e325cc351684d174c48cabce01bcc1
changelog-ends-here
glibc-2.25
glibc-2.25.90
glibc-2.26
glibc-2.26.9000
glibc-2.27
glibc-2.27.9000
glibc-2.28
glibc-2.28.9000
glibc-2.29
glibc-2.29.9000
glibc-2.30
glibc-2.30.9000
glibc-2.31
glibc-2.31.9000
cheers,
Marcin
[-- Attachment #2: 0001-Add-note-about-strtok_r-change-in-glibc-2.25.patch --]
[-- Type: text/x-patch, Size: 936 bytes --]
From cdbe9daffdb36400c23a1cb47acd7252d2ad434a Mon Sep 17 00:00:00 2001
From: Marcin Stolarek <stolarek.marcin@gmail.com>
Date: Sat, 25 Apr 2020 14:41:24 +0200
Subject: [PATCH 1/1] Add note about strtok_r() change in glibc-2.25
Calling strtok(NULL,',',NULL) after d58ab810a6e325cc351684d174c48cabce01bcc1
will result in NULL pointer dereference.
---
man3/strtok.3 | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/man3/strtok.3 b/man3/strtok.3
index 933a7b96c..8754a0216 100644
--- a/man3/strtok.3
+++ b/man3/strtok.3
@@ -197,6 +197,11 @@ is required to be NULL on the first call to
.BR strtok_r ()
that is being used to parse
.IR str .
+.\" glibc-2.25 d58ab810a6e325cc351684d174c48cabce01bcc1
+Since glibc-2.25 using
+.BR strtok_r ()
+with str set to NULL (for the 1st call) is not allowed and may result in
+segmentation fault.
.SH BUGS
Be cautious when using these functions.
If you do use them, note that:
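Review bot: in the added sentence "with str set to NULL (for the 1st call)", str is plain text while the context line just above marks it up as .IR str; use .I str here too, and say explicitly that it is the first argument that is NULL, because the sentence right before it is about something else being "required to be NULL on the first call". Wording nits in the same lines: "Since glibc 2.25," rather than "glibc-2.25", "first" rather than "1st", and "a segmentation fault" with the article.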
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] strtok.3 add note about glibc-2.25+ segfault for call like strtok_r(NULL,"|",NULL)
From: Michael Kerrisk (man-pages) @ 2020-04-25 16:15 UTC (permalink / raw)
To: Marcin Stolarek; +Cc: linux-man, wdijkstr
On Sat, 25 Apr 2020 at 14:52, Marcin Stolarek <stolarek.marcin@gmail.com> wrote:
>
> The change in glibc commit d58ab810a6e325cc351684d174c48cabce01bcc1
> (author in CC):
>
> From commit description:"[...] Also avoid an unnecessary call to
> strcspn after the last token by adding an early exit for an empty
> string.[...]"
>
> Important code change:
> /* Parse S into tokens separated by characters in DELIM.
> @@ -45,11 +41,17 @@
> char *
> __strtok_r (char *s, const char *delim, char **save_ptr)
> {
> - char *token;
> + char *end;
>
> if (s == NULL)
> s = *save_ptr;
>
> + if (*s == '\0')
> + {
> + *save_ptr = s;
> + return NULL;
> + }
> +
>
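Review bot: the header comment at the top of this excerpt, "Parse S into tokens separated by characters in DELIM.", does not say what S and *SAVE_PTR may hold, yet with the added early exit the function reads *s as its first action once s has been taken from *save_ptr. Extending that comment to state that *SAVE_PTR must be non-NULL whenever S is NULL would document the precondition the new lines rely on.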
> may result in the mentioned segmentation fault if the char *str passed
> to strtok_r is NULL (for the 1st call).
I'm a little puzzled here. Getting a segfault if the first argument to
strtok_r() is NULL on the first call seems not so surprising to me.
Why would you expect otherwise? What am I missing?
Thanks,
Michael
^ permalink raw reply [flat|nested] 3+ messages in thread
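For callers that cannot guarantee a non-NULL string on the first call, the case this thread discusses, a caller-side guard avoids the dereference. This is an added example, not code from the thread, glibc or man-pages; checked_strtok_r and count_tokens are hypothetical names, and the guard assumes the caller initialises its save pointer to NULL before the first call.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for strtok_r() under strict -std modes */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (the name is an assumption, not a glibc function).
   Returns NULL instead of letting strtok_r() dereference a NULL pointer
   when the caller has no string and no saved state to continue from. */
char *checked_strtok_r(char *str, const char *delim, char **saveptr)
{
    if (delim == NULL || saveptr == NULL)
        return NULL;                /* nothing valid to read or write */
    if (str == NULL && *saveptr == NULL)
        return NULL;                /* "first call" with str == NULL */
    return strtok_r(str, delim, saveptr);
}

/* Count the tokens in buf (modified in place); buf may be NULL. */
size_t count_tokens(char *buf, const char *delim)
{
    char *save = NULL;              /* NULL marks "no parse in progress" */
    size_t n = 0;

    for (char *tok = checked_strtok_r(buf, delim, &save); tok != NULL;
         tok = checked_strtok_r(NULL, delim, &save))
        n++;
    return n;
}

int main(void)
{
    char sample[] = "a|b||c";       /* constructed sample input */

    printf("tokens in sample: %zu\n", count_tokens(sample, "|"));
    printf("tokens in NULL:   %zu\n", count_tokens(NULL, "|"));
    return 0;
}
```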