Subject: lib/29672: return value of alloca() is not checked in execl(3)
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <roland.illig@gmx.de>
List: netbsd-bugs
Date: 03/12/2005 09:39:01
>Number:         29672
>Category:       lib
>Synopsis:       return value of alloca() is not checked in execl(3)
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 12 09:39:01 +0000 2005
>Originator:     roland.illig@gmx.de
>Release:        NetBSD 2.99.15
>Organization:
	
>Environment:
	
	
System: NetBSD baccf5ee.roland-illig.de 2.99.15 NetBSD 2.99.15 (GENERIC) #0: Wed Feb 9 20:19:30 CET 2005 build@baccf5ee.roland-illig.de:/home/build/objroot/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:

The return value of alloca() is not checked for NULL, but the manpage
says alloca() may return NULL. After that, the returned pointer is
dereferenced, leading to undefined behaviour.

>How-To-Repeat:
	
>Fix:

Either check the return value of the call to alloca() or remove the text
mentioning the NULL return value from the alloca manpage, for the case
that none of the various alloca() implementations ever return NULL. I
just had a quick look at the code; I did not check it completely.

>Unformatted:
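
Added example, not part of the original report and not NetBSD's libc code: one way an execl-shaped wrapper can build its argument vector so that no allocation result is ever dereferenced unchecked. It swaps alloca() for a fixed-size stack array and fails with E2BIG when the list does not fit. The names checked_execl, collect_args, count_args and the MAX_EXEC_ARGS cap are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <unistd.h>

#define MAX_EXEC_ARGS 64 /* assumed cap, chosen for this example */

/* Copy arg0 plus the NULL-terminated variadic list into out[0..cap-1].
 * Returns the argument count, or -1 with errno = E2BIG if it does not fit. */
static int collect_args(char **out, size_t cap, const char *arg0, va_list ap)
{
    size_t n = 0;
    const char *a;

    if (cap == 0) { errno = E2BIG; return -1; }
    for (a = arg0; a != NULL; a = va_arg(ap, const char *)) {
        if (n + 1 >= cap) { errno = E2BIG; return -1; } /* keep a slot for NULL */
        out[n++] = (char *)a;
    }
    out[n] = NULL;
    return (int)n;
}

/* execl-shaped wrapper (hypothetical): fixed stack array, no alloca(). */
int checked_execl(const char *path, const char *arg0, ...)
{
    char *argv[MAX_EXEC_ARGS];
    va_list ap;
    int n;

    va_start(ap, arg0);
    n = collect_args(argv, MAX_EXEC_ARGS, arg0, ap);
    va_end(ap);
    return n < 0 ? -1 : execv(path, argv); /* errno is set on either failure */
}

/* Helper for exercising the bound with a smaller capacity. */
int count_args(size_t cap, const char *arg0, ...)
{
    char *argv[MAX_EXEC_ARGS];
    va_list ap;
    int n;

    va_start(ap, arg0);
    n = collect_args(argv, cap > MAX_EXEC_ARGS ? MAX_EXEC_ARGS : cap, arg0, ap);
    va_end(ap);
    return n;
}
```

The fixed array bounds stack use at compile time, at the cost of rejecting argument lists longer than the cap.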