[Bug 240509] segfault in basename(3)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 11 14:31:45 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240509
Mateusz Guzik <mjg at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mjg at FreeBSD.org
--- Comment #1 from Mateusz Guzik <mjg at FreeBSD.org> ---
basename is allowed to modify the passes buffer. This is documented on both
FreeBSD and Linux. In the attached example the string is immutable, an attempt
to modify it is undefined behavior and a crash (as observed) the likely
outcome.
The FreeBSD implementation happens to always at least add a NUL-byte which
triggers the crash here, while Linux one does not modify the string if there is
nothing to do.
The program will trivially crash if the string is modified to get basename to
operate, e.g. by adding trailing slashes: "/home/tags///".
Finally, the Linux manpage explicitly shows usage with a copied buffer:
The following code snippet demonstrates the use of basename() and
dirname():
char *dirc, *basec, *bname, *dname;
char *path = "/etc/passwd";
dirc = strdup(path);
basec = strdup(path);
dname = dirname(dirc);
bname = basename(basec);
printf("dirname=%s, basename=%s\n", dname, bname);
That said, there is no bug in the FreeBSD version and the code does not crash
on Linux because of a combination of an artifact of the implementation and the
passed argument. FreeBSD variant can be modified to match but there is real
benefit to it.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list