[Zlib-devel] [PATCH] Fix segfault when NULL is passed as path to gzopen*
Mike Frysinger
vapier at gentoo.org
Sat Feb 5 13:00:54 EST 2011
On Friday, February 04, 2011 06:42:18 Enrico Weigelt wrote:
> * Mike Frysinger <vapier at gentoo.org> schrieb:
> > On Wednesday, December 15, 2010 17:01:47 Ozgur Murat Homurlu wrote:
> > > In gz_open function, path parameter is passed to strlen() without
> > > checking. This causes a segmentation fault if path is passed as NULL.
> >
> > here's an idea ... dont call gzopen() with NULL
>
> Easier said than done. Your idea essentially requires every caller
> to ensure he doesn't pass NULL, to prevent unpredictable behaviour.
if you do fopen() and dont check the return, your code is stupid. it's really
not that hard to write non-stupid code.
> (unfortunately, in C we don't have something like an NOTNULL constraint, so
> the compiler could tell us here what's wrong)
gcc does provide for a non-null attribute, but obviously only works on
constants. it'd also be trivial to have a debug version of zlib.h that
creates inlines which check all of its arguments and calls abort() before
calling back into the actual zlib library.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://madler.net/pipermail/zlib-devel_madler.net/attachments/20110205/e228739c/attachment.sig>
More information about the Zlib-devel
mailing list