autoconf-patches
Re: [PATCH] lib/autoconf/c.m4: fix NULL pointer dereference in _AC_LANG_


From: Nicolas IOOSS
Subject: Re: [PATCH] lib/autoconf/c.m4: fix NULL pointer dereference in _AC_LANG_IO_PROGRAM
Date: Tue, 29 Jun 2021 09:56:44 +0200

On Mon, Jun 28, 2021 at 7:48 PM Zack Weinberg <zackw@panix.com> wrote:
>
> On Mon, Jun 28, 2021 at 10:17 AM Nicolas Iooss <nicolas.iooss@ledger.fr> 
> wrote:
> > * lib/autoconf/c.m4: return an error when f is NULL.
> > ---
> >  lib/autoconf/c.m4 | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/lib/autoconf/c.m4 b/lib/autoconf/c.m4
> > index 9f881f0bc10c..0d9efa62d450 100644
> > --- a/lib/autoconf/c.m4
> > +++ b/lib/autoconf/c.m4
> > @@ -114,7 +114,7 @@ $2
> >  m4_define([_AC_LANG_IO_PROGRAM(C)],
> >  [AC_LANG_PROGRAM([@%:@include <stdio.h>],
> >  [FILE *f = fopen ("conftest.out", "w");
> > - return ferror (f) || fclose (f) != 0;
> > + return !f || ferror (f) || fclose (f) != 0;
> >  ])])
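
Review bot: The new `!f ||` guard on the `return` line of `_AC_LANG_IO_PROGRAM(C)` comes without a test: the diffstat shows only lib/autoconf/c.m4 changed, so nothing exercises the path where `fopen ("conftest.out", "w")` returns NULL. A test that runs this program where conftest.out cannot be opened for writing and expects a nonzero exit status would cover it. The log entry `* lib/autoconf/c.m4: return an error when f is NULL.` would also be easier to search if it named the affected macro in parentheses after the file name.
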
>
> Thank you for the bug report and the patch. The change looks correct
> and is simple enough not to require a copyright assignment. I will
> apply it to Autoconf trunk in the next few days.
>
> Our test suite does not catch this bug, which probably means it never
> tests AC_LANG_IO_PROGRAM inside AC_RUN_IFELSE. Would you be willing to
> write a test case, perhaps based on the configure.ac that caused you
> to discover the bug? If you don't have time to write a test yourself,
> could you at least tell us about how you found the bug?

Hello,
Thanks for your quick reply! Actually I found this bug running clang's
static code analyzer on a project named secp256k1. When using
"scan-build -enable-checker alpha.unix.Stream", this tool spotted an
issue while running ./configure and I found out it was a real bug. For
more details, I described on
https://github.com/bitcoin-core/secp256k1/pull/959#issuecomment-869733706
the exact command line I used. So the autoconf.ac file that I used is
https://github.com/bitcoin-core/secp256k1/blob/75ce488c2a6d47bfd6ed333e3e919a98ea86139a/configure.ac
.

I don't know how to reproduce the case of failing fopen without using
a static code analyzer, and I don't have time to create a reproducer
which would be simple enough to be integrated in a test. So I do not
plan to write a test myself.

Best regards,
Nicolas
