[PATCH] Fix execl sentinels

Denys Vlasenko vda.linux at googlemail.com
Sun Jun 30 11:46:38 UTC 2013


On Sunday 30 June 2013 03:26, Rich Felker wrote:
> The attached patch fixes calls to execl-type functions to use the
> correct sentinel, (char *)0, rather than NULL, which can be defined as
> any null pointer constant, and thus has either integer type or
> pointer-to-void type, but never pointer-to-character type. The only
> reason the current code works is that NULL happens to be defined as
> ((void *)0), which in turn happens to be passed the same way as a null
> character pointer would be, and thus gets successfully processed by
> va_arg as char *. However, formally the type is incorrect.
> 
> The motivation for this patch was that, in previous versions of musl,
> NULL was defined as 0 for C++, and ((void *)0) for C. Our testers
> uncovered very subtle, dangerous, difficult-to-track-down bugs on
> 64-bit systems due to C++ code using NULL (a 32-bit integer 0) as a
> sentinel, and ending up with junk in the upper bits of the pointer.

I would classify this as a compiler bug.

Even if language spec doesn't explicitly require widening
of variadic arguments to the full width of the stack slot
(IIRC C/C++ require promotions to int, but in this case
stack slot is long-sized), it's just a prudent measure
to do that.

On x86-64, it happens automatically if PUSH insn is used:
it always sign-extends the pushed value to 64 bits.
No additional insns need to be generated.

To expect zillions of C/C++ programs out there to have
every usage of NULL in execl fixed is not realistic.

> Patch attached.

Applied, thanks!


More information about the busybox mailing list