Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 8 May 2020 14:45:53 -0400
From: Rich Felker <dalias@...c.org>
To: Markus Wichmann <nullplan@....net>
Cc: musl@...ts.openwall.com, "zhuyan (M)" <zhuyan34@...wei.com>
Subject: Re: [PATCH] fix coredump when sched_rr_get_interval parameter
 ts is NULL

On Fri, May 08, 2020 at 05:47:37PM +0200, Markus Wichmann wrote:
> On Fri, May 08, 2020 at 02:46:56PM +0000, zhuyan (M) wrote:
> > In function sched_rr_get_interval, there is a risk of null pointer
> > reference. On line 12, when ts is NULL, dereferencing the null
> > pointer will cause the program coredump.
> >
> > Therefore, it must ensure that ts is not empty before use.
> >
> 
> Is calling this function with a NULL pointer sensible? The manpage
> certainly doesn't say so. Usually policy in musl is to not fix
> application bugs, but to dereference pointers without NULL pointer check
> unless there is an explicit requirement in the relevant standards that a
> NULL pointer be accepted.

Indeed, sched_rr_get_interval has no contract to accept a null
pointer, and doesn't even have a plausible reason to want to call it
with one (the only output is in the pointed-to memory).

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.