~kaniini/pkgconf

Passing uninitialized client to pkgconf_client_init() leads to a crash in pkgconf_trace()

Petr Pisar <ppisar@redhat.com>
Message ID: <ZAnir5inCy9Y00L8@dhcp-0-146.brq.redhat.com>
If I pass an uninitialized pkgconf_client_t structure to pkgconf_client_init()
and keep the error handler NULL:

pkgconf_client_init(&client, NULL, NULL, personality);

I obtain this crash:

#0  0x0000003c00000006 in ?? ()
#1  0x00007ffff7fb151b in pkgconf_trace (client=client@entry=0x7fffffffe2a0, 
    filename=filename@entry=0x7ffff7fb802c "libpkgconf/client.c", lineno=lineno@entry=569, 
    funcname=funcname@entry=0x7ffff7fb92c0 <__PRETTY_FUNCTION__.1.lto_priv.1> "pkgconf_client_set_error_handler", format=format@entry=0x7ffff7fb86a0 "installing default error handler")
    at libpkgconf/client.c:389
#2  0x00007ffff7fb16f5 in pkgconf_client_set_error_handler (error_handler=<optimized out>, 
    error_handler_data=<optimized out>, client=0x7fffffffe2a0) at libpkgconf/client.c:569
#3  pkgconf_client_set_error_handler (client=client@entry=0x7fffffffe2a0, 
    error_handler=error_handler@entry=0x0, error_handler_data=<optimized out>)
    at libpkgconf/client.c:562
#4  0x00007ffff7fb5637 in pkgconf_client_init (client=0x7fffffffe2a0, error_handler=0x0, 
    error_handler_data=<optimized out>, personality=0x7ffff7fbd500 <default_personality>)
    at libpkgconf/client.c:109
#5  0x000000000040130f in main (argc=2, argv=0x7fffffffe4b8) at test.c:24

The reason is that pkgconf_client_set_error_handler() does not initialize
client->trace_handler and calls:

    if (client->error_handler == NULL)
    {
        PKGCONF_TRACE(client, "installing default error handler");
        client->error_handler = pkgconf_default_error_handler;
    }

where PKGCONF_TRACE() calls client->trace_handler, which contains garbage.

I recommend either initializing client->trace_handler to NULL in
pkgconf_client_init(), or documenting that the client argument passed to
pkgconf_client_init() needs to be already initialized to zeros.

-- Petr
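The ordering problem described in the report, and the two remedies it proposes, as an added stand-alone model in C. This is not pkgconf's code: the `model_*` struct, functions and the `MODEL_TRACE` macro are hypothetical stand-ins that mirror the shape of `client->trace_handler`, `client->error_handler` and `PKGCONF_TRACE()` as quoted above. The garbage in the uninitialized struct is simulated with a 0xAA fill so the demonstration is deterministic; the function pointer is inspected, never called, when it holds garbage.

```c
/*
 * Model of the pkgconf_client_init() ordering bug from the report.
 * Added illustration, NOT pkgconf's own code; all names are hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct model_client model_client_t;
typedef void (*model_trace_fn)(const model_client_t *c, const char *msg);
typedef bool (*model_error_fn)(const char *msg, const model_client_t *c, void *data);

struct model_client {
    model_trace_fn trace_handler;    /* NULL means "tracing disabled" */
    model_error_fn error_handler;
    void *error_handler_data;
};

/* Guarded trace. The NULL check only protects a field that was actually
 * set to NULL; stack garbage passes the check and the call jumps to a
 * garbage address, which is frame #0 in the report's backtrace. */
#define MODEL_TRACE(c, msg) do { \
    if ((c)->trace_handler != NULL) (c)->trace_handler((c), (msg)); \
} while (0)

static bool model_default_error_handler(const char *msg, const model_client_t *c, void *data) {
    (void)c; (void)data;
    fprintf(stderr, "error: %s\n", msg);
    return true;
}

/* Same logic as the quoted pkgconf_client_set_error_handler(): it traces
 * before anything has established what trace_handler contains. */
static void model_set_error_handler(model_client_t *c, model_error_fn fn, void *data) {
    c->error_handler = fn;
    c->error_handler_data = data;
    if (c->error_handler == NULL) {
        MODEL_TRACE(c, "installing default error handler");
        c->error_handler = model_default_error_handler;
    }
}

/* Remedy 1 from the report: the library clears trace_handler first. */
static void model_client_init_fixed(model_client_t *c, model_error_fn fn, void *data) {
    c->trace_handler = NULL;
    model_set_error_handler(c, fn, data);
}

/* Simulated uninitialized stack object: a recognisable non-NULL pattern. */
static void model_fill_garbage(model_client_t *c) {
    memset(c, 0xAA, sizeof *c);
}

/* True if a trace on this client would jump through a non-NULL pointer.
 * Inspects the field only; calling it would be the reported crash. */
static bool model_trace_would_call_garbage(const model_client_t *c) {
    return c->trace_handler != NULL;
}

/* Uninitialized client handed straight to the original ordering. */
static bool model_unsafe_order_has_garbage_handler(void) {
    model_client_t client;
    model_fill_garbage(&client);
    return model_trace_would_call_garbage(&client);
}

/* Remedy 2 from the report: the caller zeroes the struct before init. */
static bool model_caller_zeroes_then_inits(void) {
    model_client_t client;
    model_fill_garbage(&client);           /* what the stack might hold */
    memset(&client, 0, sizeof client);     /* the documented precondition */
    model_set_error_handler(&client, NULL, NULL);  /* original ordering, now safe */
    return client.trace_handler == NULL &&
           client.error_handler == model_default_error_handler;
}

static bool model_library_clears_first(void) {
    model_client_t client;
    model_fill_garbage(&client);
    model_client_init_fixed(&client, NULL, NULL);
    return client.trace_handler == NULL &&
           client.error_handler == model_default_error_handler;
}

int main(void) {
    printf("garbage handler before init: %d\n", model_unsafe_order_has_garbage_handler());
    printf("caller zeroes first ok:      %d\n", model_caller_zeroes_then_inits());
    printf("library clears first ok:     %d\n", model_library_clears_first());
    return 0;
}
```

The guarded macro is the important detail: a NULL check in the trace path is only meaningful once somebody has stored NULL, so either the init routine must write the field before it can trace, or the contract must require a zeroed struct from the caller.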