Bug 190248 - [patch] dev-libs/libmix - exported pattern() function is broken, does strcmp with NULL (will always crash)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: All Linux
Importance: High major
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Keywords: Inclusion
Reported: 2007-08-25 22:38 UTC by Israel G. Lugo
Modified: 2009-01-08 19:12 UTC


Attachments
fix sigsegv on pattern() (libmix-v2.05-fix-pattern.patch,415 bytes, patch)
2007-08-25 23:00 UTC, Israel G. Lugo

Description Israel G. Lugo 2007-08-25 22:38:50 UTC
I just got the following notice when emerging dev-libs/libmix-2.05 (which is used for example by net-analyzer/netcat):

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * misc/misc.c:212: warning: null argument where non-null required (argument 1)
misc/misc.c:212: warning: null argument where non-null required (argument 1)
misc/misc.c:212: warning: null argument where non-null required (argument 2)
[several repetitions snipped for brevity]

Looking into the code, I found that the warning came from the pattern() function, which libmix exports and is badly broken; it's doing a strcmp against a NULL pointer, which means if called, it will crash with a segmentation fault:

int
pattern(char *data, char **list)
{
  int i = 0;

  while (strcmp(list[i++], NULL) != 0)
    if (strstr(data, list[i]) != NULL)
      return 1;

  return 0;
}

The code is not commented, but from the libmix.3 manpage I was able to gather the purpose of the function (it's basically a strstr applied to an array of strings). The header at mix/mix.h states that the array should be terminated with a NULL entry, so the fix was obvious (loop while list[i++] != NULL).

I am attaching a patch below, to fix the problem.

Reproducible: Always

Steps to Reproduce:
Comment 1 Israel G. Lugo 2007-08-25 23:00:35 UTC
Created attachment 129184
fix sigsegv on pattern()

ChangeLog entry:

2007-08-25  Israel G. Lugo <israel.lugo@lugosys.com>

	* misc/misc.c (pattern): Fix breakage caused by dereferencing NULL.

I am going to email this upstream as well (to mixter@hacktivismo.com, which is the contact listed on the homepage).
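
The NULL-terminated scan described in the report, as an added example; it is not the attached patch (whose contents are not shown on this page) and not upstream libmix code. The name pattern_fixed, the NULL-argument guard and the sample arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The loop quoted in the report has two defects:
 *   while (strcmp(list[i++], NULL) != 0)   passes NULL to strcmp()
 *     if (strstr(data, list[i]) != NULL)   i already advanced, so entry 0
 *                                          is never searched
 */

/* pattern_fixed is a hypothetical name for this added example.
 * Returns 1 if any string in the NULL-terminated array `list` occurs
 * in `data`, otherwise 0. */
int pattern_fixed(const char *data, char **list)
{
    size_t i;

    /* Defensive guard; an assumption, not behaviour stated in the report. */
    if (data == NULL || list == NULL)
        return 0;

    /* Test the terminator by pointer comparison and advance the index
     * only after the current entry has been searched. */
    for (i = 0; list[i] != NULL; i++)
        if (strstr(data, list[i]) != NULL)
            return 1;

    return 0;
}

/* Constructed sample inputs. */
char *sample_list[]  = { "alpha", "beta", NULL };
char *sample_empty[] = { NULL };

int main(void)
{
    printf("%d\n", pattern_fixed("xx alpha xx", sample_list)); /* entry 0 matches */
    printf("%d\n", pattern_fixed("xx beta xx", sample_list));  /* last entry matches */
    printf("%d\n", pattern_fixed("gamma", sample_list));       /* walks to the terminator */
    printf("%d\n", pattern_fixed("gamma", sample_empty));      /* list holds only the terminator */
    return 0;
}
```

Building the package with the compiler's nonnull warning enabled (the source of the QA notice above) flags the original strcmp() call at compile time.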
Comment 2 Israel G. Lugo 2007-11-05 04:04:44 UTC
Adding "inclusion" keyword and bumping, over 2 months without a reply since bug report...
Comment 3 Israel G. Lugo 2007-11-05 04:35:33 UTC
Forgot to mention: I sent the patch upstream as well. It was accepted a few days after this bug was submitted, but they said the project "is not under active development". No new version has come out from upstream since, and the code available from http://mixter.void.ru/${P/.}.tgz (libmix-205, SRC_URI for the ebuild) still contains the bug that this patch fixes. All the more reason to include the patch on the ebuild, I would think - please review and commit?
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-08 19:12:02 UTC
Fixed in libmix-2.05-r1 revision bump.