Date: Sat, 05 Nov 2022 07:52:09 -0400
From: "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
To: Szabolcs Nagy <nsz@...t70.net>, musl@...ts.openwall.com, Markus Wichmann
	<nullplan@....net>
Subject: Re: Invalid read of nl_arg in printf_core()

Excerpts from Szabolcs Nagy's message of November 5, 2022 6:09 am:
> * Markus Wichmann <nullplan@....net> [2022-11-03 20:42:16 +0100]:
>> Hi all,
>> 
>> reading some code today, I noticed undefined behavior in printf_core().
>> vfprintf() creates an array called nl_arg automatically and does not
>> initialize it. That is fine, but it means that reads from each array
>> member are undefined behavior until that member gets assigned a value.
> 
> an automatic storage object that was not initialized has indeterminate
> value, so accessing it is not undefined behaviour. (unless the object
> could have been declared with the register storage class)
> 
> so technically the code is correct (if int has no trap representations)
> but i think the fix still makes sense: leaving unspecified values around
> is error prone.

N1570 J.2 [Undefined behavior]:

1   The behavior is undefined in the following circumstances:
[ ... ]
— The value of an object with automatic storage duration is used while it is
  indeterminate (6.2.4, 6.7.9, 6.8).
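The pattern under discussion, as an added example that is not musl's code and not part of the original message: a simplified two-pass model in which an uninitialized automatic value table is only read after the slot has been assigned. The names `star_width`, `two_pass_width`, `NARG` and the `*N$` single-digit parsing are hypothetical, and the collect-then-format structure is an assumption of the model.

```c
#include <stddef.h>

#define NARG 9                 /* hypothetical table size, slots 1..9 */
enum { NONE = 0, INT = 1 };
union arg { int i; };

/* Parse a "*N$" width spec (N is one digit, 1..9).
 * Collect pass (collecting != 0): record the slot's type only. The value
 * table has not been filled yet, so it is not read; a read here would
 * yield an indeterminate value.
 * Output pass: the slot has been assigned, so reading it is well defined.
 * Returns the slot number, or -1 if s is not a "*N$" spec. */
static int star_width(const char *s, int collecting,
                      int types[NARG + 1], union arg values[NARG + 1],
                      int *width)
{
    if (s[0] != '*' || s[1] < '1' || s[1] > '9' || s[2] != '$')
        return -1;
    int slot = s[1] - '0';
    if (collecting) {
        types[slot] = INT;
        *width = 0;            /* placeholder instead of values[slot].i */
    } else {
        *width = values[slot].i;
    }
    return slot;
}

/* Run both passes: collect types, fill only the recorded slots, format. */
int two_pass_width(const char *spec, int supplied)
{
    int types[NARG + 1] = {0};
    union arg values[NARG + 1];    /* automatic, deliberately uninitialized */
    int w = -1;

    if (star_width(spec, 1, types, values, &w) < 0)
        return -1;
    for (int i = 1; i <= NARG; i++)
        if (types[i] == INT)
            values[i].i = supplied;    /* stands in for va_arg() */
    if (star_width(spec, 0, types, values, &w) < 0)
        return -1;
    return w;
}
```

Guarding the read this way makes the code independent of how the indeterminate-value question in the thread is settled, because no slot is read before it is written.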
