Bug 52691 - str{n}{case}cmp may cause segmentation violation with NULL pointers passed
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2003-05-26 12:40 UTC by Seva Gluschenko
Modified: 2009-01-14 20:29 UTC (History)

Attachments
file.diff (1.23 KB, patch)
2003-05-26 12:40 UTC, Seva Gluschenko

Description Seva Gluschenko 2003-05-26 12:40:17 UTC
	Using libc's implementation of case-insensitive string comparison (str[n][case]cmp),
	it is possible to get a segmentation violation because NULL pointers aren't checked
	and *p++ is used blindly. Any occasional call to these functions with one of the string
	pointers equal to NULL may catch signal 11 and cause the program to die.

Fix: Apply patch below, rebuild and reinstall libc. Don't use
	str[n][case]cmp from libc until it's fixed unless you want your
	projects to die unexpectedly.
How-To-Repeat: 
	create the simplest test:

#include <string.h>

int main() {

	char *s1 = NULL, *s2 = NULL;

	return strcmp(s1, s2);
}

	> gcc -o test test.c
	> ./test
	Segmentation fault (core dumped)
Comment 1 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2003-05-26 21:53:02 UTC
State Changed
From-To: open->closed

The bug is in the application that passes NULL to strcmp.
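
Following the resolution above, the NULL check belongs in the caller. This is an added example, not code from this report or from FreeBSD libc: the helper cmp_nullable and the constant CMP_NOLIMIT are hypothetical names, and the sorted array is constructed sample data. It gives NULL a defined order before any str{n}{case}cmp call is made.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strcasecmp, strncasecmp (POSIX) */

/* Hypothetical caller-side helper: one entry point for the four
 * str{n}{case}cmp variants. NULL gets a defined order (NULL sorts
 * before any string, two NULLs compare equal), so libc never
 * receives a NULL pointer. */
#define CMP_NOLIMIT ((size_t)-1)   /* "compare whole string" marker */

int cmp_nullable(const char *a, const char *b, size_t n, int fold_case)
{
    if (a == NULL || b == NULL)
        return (a != NULL) - (b != NULL);   /* -1, 0 or 1 */
    if (n == CMP_NOLIMIT)
        return fold_case ? strcasecmp(a, b) : strcmp(a, b);
    return fold_case ? strncasecmp(a, b, n) : strncmp(a, b, n);
}

/* qsort comparator over an array of possibly-NULL char pointers. */
static int by_name_nocase(const void *pa, const void *pb)
{
    const char *a = *(const char *const *)pa;
    const char *b = *(const char *const *)pb;
    return cmp_nullable(a, b, CMP_NOLIMIT, 1);
}

/* Sorts constructed sample data that contains NULL entries.
 * Returns 1 when the NULLs come first and the rest is in
 * case-insensitive order, 0 otherwise. */
int demo_sort(void)
{
    const char *names[] = { "delta", NULL, "Alpha", "charlie", NULL, "bravo" };
    size_t count = sizeof names / sizeof names[0];

    qsort(names, count, sizeof names[0], by_name_nocase);
    return names[0] == NULL && names[1] == NULL &&
           strcmp(names[2], "Alpha") == 0 && strcmp(names[3], "bravo") == 0 &&
           strcmp(names[4], "charlie") == 0 && strcmp(names[5], "delta") == 0;
}

int main(void)
{
    return demo_sort() ? 0 : 1;
}
```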