[BZ,#18096] Handle null dereferences in wordexp

Hi,

Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
libc-alpha.

These look good for me. Carlos, could you commit it?

On 12 Jul 2015 09:49, Ondřej Bílka wrote:
> -	  else
> +	  else if (flags & WRDE_SHOWERR)

i don't think this falls under the banner of preventing NULL derefs
-mike

On Mon, Jul 27, 2015 at 11:22:28PM -0400, Mike Frysinger wrote:
> On 12 Jul 2015 09:49, Ondřej Bílka wrote:
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> 
> i don't think this falls under the banner of preventing NULL derefs

I just took original patch from bugzilla. It was there with rationale
that printing whats in branch is also a bug.

ping
On Sun, Jul 12, 2015 at 09:49:17AM +0200, Ondřej Bílka wrote:
> Hi,
> 
> Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> libc-alpha.
> 
> These look good for me. Carlos, could you commit it?
> 
> 
> diff --git a/posix/wordexp.c b/posix/wordexp.c
> index e711d43..d3f3764 100644
> --- a/posix/wordexp.c
> +++ b/posix/wordexp.c
> @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      ++(*offset);
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      long int numresult = 0;
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -1843,11 +1843,11 @@ envsubst:
>  	  if (!colon_seen && value)
>  	    /* Substitute NULL */
>  	    ;
> -	  else
> +	  else if (flags & WRDE_SHOWERR)
>  	    {
>  	      const char *str = pattern;
>  
> -	      if (str[0] == '\0')
> +	      if (str && str[0] == '\0')
>  		str = _("parameter null or not set");
>  
>  	      __fxprintf (NULL, "%s: %s\n", env, str);

ping
On Wed, Aug 12, 2015 at 02:22:16PM +0200, Ondřej Bílka wrote:
> ping
> On Sun, Jul 12, 2015 at 09:49:17AM +0200, Ondřej Bílka wrote:
> > Hi,
> > 
> > Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> > libc-alpha.
> > 
> > These look good for me. Carlos, could you commit it?
> > 
> > 
> > diff --git a/posix/wordexp.c b/posix/wordexp.c
> > index e711d43..d3f3764 100644
> > --- a/posix/wordexp.c
> > +++ b/posix/wordexp.c
> > @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      ++(*offset);
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      long int numresult = 0;
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -1843,11 +1843,11 @@ envsubst:
> >  	  if (!colon_seen && value)
> >  	    /* Substitute NULL */
> >  	    ;
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> >  	    {
> >  	      const char *str = pattern;
> >  
> > -	      if (str[0] == '\0')
> > +	      if (str && str[0] == '\0')
> >  		str = _("parameter null or not set");
> >  
> >  	      __fxprintf (NULL, "%s: %s\n", env, str);