[Bug 12966] New: A null pointer dereference in uclibc/libc/stdio/fread.c leads to a crash
bugzilla at busybox.net
Fri May 29 14:30:11 UTC 2020
https://bugs.busybox.net/show_bug.cgi?id=12966
Bug ID: 12966
Summary: A null pointer dereference in uclibc/libc/stdio/fread.c leads to a crash
Product: uClibc
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: stdio
Assignee: unassigned at uclibc.org
Reporter: liupeiyu at zju.edu.cn
CC: uclibc-cvs at uclibc.org
Target Milestone: ---
In function fread_unlocked() in uclibc/libc/stdio/fread.c
(https://git.uclibc.org/uClibc/tree/libc/stdio/fread.c),
14 size_t fread_unlocked(void * __restrict ptr, size_t size, size_t nmemb,
15                       FILE * __restrict stream)
16 {
17     __STDIO_STREAM_VALIDATE(stream);
18     assert(stream->__filedes >= -1);
...
at line 18 the argument stream is dereferenced without any check. However, the
caller may pass a NULL pointer here, so a null pointer dereference may occur.
I have dynamically tested this bug; it leads to a crash at runtime.
Maybe we can fix this bug by checking stream before using it, such as:
    if (stream)
        assert(stream->__filedes >= -1);
    else
        ...(handle the error ...)
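A defensive check at the call site, in the spirit of the fix suggested above, as an added example that is neither the reporter's nor uClibc's code: checked_fread is a hypothetical wrapper that refuses a NULL stream (or NULL buffer) and, going one step further than the report, also a size * nmemb product that would wrap, reporting failure through errno instead of crashing.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical call-site wrapper (not uClibc's code): validates every argument
 * fread_unlocked() dereferences or multiplies; sets errno instead of crashing. */
size_t checked_fread(void *ptr, size_t size, size_t nmemb, FILE *stream)
{
    if (stream == NULL || ptr == NULL) {
        errno = EINVAL;          /* caller bug: refuse, do not dereference */
        return 0;
    }
    if (size == 0 || nmemb == 0)
        return 0;                /* C standard: nothing to read */
    if (nmemb > SIZE_MAX / size) {
        errno = EOVERFLOW;       /* size * nmemb would wrap around */
        return 0;
    }
    return fread(ptr, size, nmemb, stream);
}

/* Bad arguments: NULL stream and oversized request are both refused with errno set. */
int checked_fread_rejects_bad_args(void)
{
    char buf[4];
    FILE *fp = tmpfile();        /* constructed, empty temporary stream */
    if (fp == NULL) return -1;
    errno = 0;
    int null_ok = checked_fread(buf, 1, sizeof buf, NULL) == 0 && errno == EINVAL;
    errno = 0;
    int ovf_ok = checked_fread(buf, 2, SIZE_MAX, fp) == 0 && errno == EOVERFLOW;
    fclose(fp);
    return null_ok && ovf_ok;
}

/* Valid request: constructed sample bytes round-trip through the wrapper. */
int checked_fread_selfcheck(void)
{
    static const char data[] = "uclibc";   /* constructed sample input */
    char buf[8] = {0};
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fwrite(data, 1, sizeof data - 1, fp);
    rewind(fp);
    size_t n = checked_fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return (n == 6 && strcmp(buf, "uclibc") == 0) ? 6 : -1;
}
```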