Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-09 Thread Bruno Haible
Jim Meyering wrote: > The POSIX spec for execve says this about envp: > > The argument envp is an array of character pointers to null-terminated > strings. These strings shall constitute the environment for the new > process image. The envp array is terminated by a null pointer. > > w

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-09 Thread Jim Meyering
Bruno Haible wrote: > About the exec* functions: >> Ad 1): >> > I suggest you declare those functions with the "nonnull" attribute. >> >> Good idea. I reported this to glibc: >> > > It has been committed: gcc+glibc will now warn if a user use

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-09 Thread Jim Meyering
Bruno Haible wrote: >> perhaps incomplete, since you can make the same argument about the "envp" >> pointer. > > How so? From the perspective that since POSIX disallows passing a NULL pointer, it would make sense to label each corresponding parameter with the nonnull attribute. Not a big deal, t

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-09 Thread Bruno Haible
About the exec* functions: > Ad 1): > > I suggest you declare those functions with the "nonnull" attribute. > > Good idea. I reported this to glibc: > It has been committed: gcc+glibc will now warn if a user uses a NULL argv array in an exec

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-06 Thread Bruno Haible
Hi Jim, > >> I suggest you declare those functions with the "nonnull" attribute. > > I was referring to the functions in progname.h: > > set_program_name > set_program_name_and_installdir The __nonnull__ attribute on these functions would help preventing or detecting the bug, because these

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-06 Thread Jim Meyering
Hi Bruno, Bruno Haible wrote: ... > Ad 1): >> I suggest you declare those functions with the "nonnull" attribute. > > Good idea. I reported this to glibc: > That is welcome, but I was referring to the functions in progname.h: set_program

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-05 Thread Bruno Haible
Eric Blake wrote: > is the string worth marking as > translatable? Or should it try error() rather than fputs()? Since 'progname' is used by virtually every program that uses gnulib, I wish to minimize its dependencies. Regarding the translation: An error message that is seen by a user on averag

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-05 Thread Eric Blake
According to Bruno Haible on 12/5/2009 6:08 AM: > Ad 2): > This is indeed a kernel problem: OpenBSD 4.0 returns with error code > EFAULT if you pass NULL to execve or execv or execvp. Linux 2.6.25.20 > does not. Here's the draft for a report to a linux

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-05 Thread Bruno Haible
Hi Jim, > Just 3 days ago I received a private report of sleep segfaulting. > Unfortunately, it was not reproducible. If a user gets a segfault, there is a bug somewhere. Question #1 is: Where is the bug? You already answered that: it's in the parent process. Question #2 is: Where should the b

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-05 Thread Jim Meyering
Bruno Haible wrote: >> Ok to apply the patch below? >> Without it, anyone can make nearly any coreutils program segfault >> with this simple recipe: >> >> printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \ >> '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat >> >> While th

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-04 Thread Bruno Haible
Eric Blake wrote: > Think about the *_safer modules. ... invoke execve without the child process > having fd 0, 1, and 2 properly set. This case is different, because here the child process can run for a long time without experiencing a problem. Whereas a NULL pointer either leads to a crash or

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-04 Thread Eric Blake
Bruno Haible writes: > > While that usage of execve is in violation of POSIX > > One of the purposes of specifications is to avoid redundant checking > of arguments. But this is NOT redundant. > It makes sense to be "lenient in what you accept", for example when the > spec is unclea

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-04 Thread Pádraig Brady
Bruno Haible wrote: > Hi Jim, > >> Ok to apply the patch below? >> Without it, anyone can make nearly any coreutils program segfault >> with this simple recipe: >> >> printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \ >> '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat

Re: [PATCH] progname: don't segfault when argv is NULL

2009-12-04 Thread Bruno Haible
Hi Jim, > Ok to apply the patch below? > Without it, anyone can make nearly any coreutils program segfault > with this simple recipe: > > printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \ > '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat > > While that usage of execv

[PATCH] progname: don't segfault when argv is NULL

2009-12-04 Thread Jim Meyering
and cannot be confused with a legitimate program name. For reference, perl uses the empty string, too: $ printf 'print ":$ARGV[0]:\n"' |./a.out /usr/bin/perl :: From 761448cef4c36ec0551eeaa39fb65a87c0ba39ae Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Fri