NetBSD-Bugs archive


bin/39440: veriexecctl(8) segfaults when no argument is given



>Number:         39440
>Category:       bin
>Synopsis:       veriexecctl(8) segfaults when no argument is given
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 31 20:25:00 +0000 2008
>Originator:     Stathis Kamperis
>Release:        NetBSD-4.99.72
>Organization:
>Environment:
NetBSD netbsd 4.99.72 NetBSD 4.99.72 (MYGENERIC) #0: Fri Aug 29 22:49:53 EEST 
2008  root@netbsd:/usr/obj/sys/arch/i386/compile/MYGENERIC i386

>Description:
veriexecctl(8) segfaults when no argument is given.
Here is the backtrace:


[stathis@netbsd /usr/src/sbin/veriexecctl] sudo gdb ./veriexecctl
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...
(gdb) r
Starting program: /usr/src/sbin/veriexecctl/veriexecctl

Program received signal SIGSEGV, Segmentation fault.
0xbbb9959a in strcasecmp () from /lib/libc.so.12
(gdb) bt
#0  0xbbb9959a in strcasecmp () from /lib/libc.so.12
#1  0x0804acb9 in main (argc=0, argv=Cannot access memory at address 0x4
) at veriexecctl.c:236
(gdb)


When no argument is given, getopt() returns -1, the `default' label isn't 
executed, usage() isn't executed either, execution continues and
later on strcasecmp() tries to access argv[0] which corresponds to the initial 
argv[1] since it was augmented by 1 in line 228: argv += optind (optind is 
initialized to 1 according to getopt(3) man page). 

>How-To-Repeat:
Just run veriexecctl with no argument given
>Fix:
I attach a patch that fixes the problem.
Since we are here, remove also some whitespace.

Index: veriexecctl.c
===================================================================
RCS file: /cvsroot/src/sbin/veriexecctl/veriexecctl.c,v
retrieving revision 1.31
diff -u -r1.31 veriexecctl.c
--- veriexecctl.c       15 Feb 2008 15:33:56 -0000      1.31
+++ veriexecctl.c       31 Aug 2008 12:42:55 -0000
@@ -2,7 +2,7 @@

 /*-
 * Copyright 2005 Elad Efrat <elad%NetBSD.org@localhost>
- * Copyright 2005 Brett Lymn <blymn%netbsd.org@localhost>
+ * Copyright 2005 Brett Lymn <blymn%netbsd.org@localhost>
 *
 * All rights reserved.
 *
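Review bot: the change to the Brett Lymn copyright line here, like the printf("\n") line in the next hunk, is whitespace-only and unrelated to the crash. I would drop both from this patch and send the whitespace cleanup separately, so that the fix in the last hunk can be reviewed and applied on its own.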
@@ -144,7 +144,7 @@
        v = dict_getd(qp, "fp");
       for (i = 0; i < prop_data_size(prop_dictionary_get(qp, "fp")); i++)
               printf("%02x", v[i] & 0xff);
-       printf("\n");
+       printf("\n");
 }

 static char *
@@ -226,6 +226,8 @@

       argc -= optind;
       argv += optind;
+        if (argc == 0)
+            usage();

       if ((gfd = open(VERIEXEC_DEVICE, O_RDWR, 0)) == -1)
               err(1, "Cannot open `%s'", VERIEXEC_DEVICE);
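Review bot: in the added "if (argc == 0) usage();" after "argv += optind;", the fix only holds if usage() never returns, which these lines do not show; if it can return, execution still falls through to open() and on to the strcasecmp() call from the backtrace, so please confirm that it exits. The two added lines are also indented differently from the surrounding context lines; they should use the file's existing indentation.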


