Wireshark mailing list archives

Re: Passing NULL to %s format specifiers

From: Evan Huus <eapache () gmail com>
Date: Thu, 16 Aug 2012 21:24:41 -0400

On Thu, Aug 16, 2012 at 1:16 PM, Gerald Combs <gerald () wireshark org> wrote:

On 8/15/12 8:12 AM, Evan Huus wrote:

On Wed, Aug 15, 2012 at 10:15 AM, Jeff Morriss
<jeff.morriss.ws () gmail com> wrote:

Evan Huus wrote:


On Linux and most other operating systems I know of, passing a NULL to
a %s format specifier is safe. On Solaris, as it turns out, it isn't
[1].


It's a little more complex than that. The problem is present if the
system's C library doesn't handle passing NULL to %s AND GLib wasn't
compiled with "--enable-included-printf". This used to be the case for
Windows but was fixed a couple of years ago. It's still broken for
Solaris because the default for "enable-included-printf" is "auto", at
least according to the GLib sources. It seems like it should be "yes" in
order to provide consistent behavior across platforms or at least check
the behavior of passing NULL to %s.

Note that you can still segfault with printf("%s", NULL) on Linux since
gcc will use its builtin printf in that case.


Very interesting, thanks for the details.

I've added a short note to README.developer, so hopefully new code at
least will be safe.

I'm a fan of a macro like Jakub mentioned as part of the old conversation:

http://www.wireshark.org/lists/wireshark-dev/201105/msg00205.html

If we go that route, perhaps someone can add a bit to checkAPIs that
complains if it finds %s in a format string without the macro?


I'm OK with this but it seems like we should be able to get Coverity or
Clang to do the work for us. They're both pretty good at finding NULL
pointer dereferences.


I know that CppCheck supports writing custom rules as XML files and
regexs (although I know nothing more about it at the moment then
that). It may be possible to subsume all of the current checkAPIs into
CppCheck rules, which would probably be a good thing since then we'd
get a proper grammar engine for free instead of relying on perl hacks.

Evan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Passing NULL to %s format specifiers, (continued)
- - - Re: Passing NULL to %s format specifiers Jeff Morriss (Aug 15)
  - Re: Passing NULL to %s format specifiers Evan Huus (Aug 15)
    - Re: Passing NULL to %s format specifiers Jakub Zawadzki (Aug 15)
    - Re: Passing NULL to %s format specifiers Guy Harris (Aug 15)
    - Re: Passing NULL to %s format specifiers Jakub Zawadzki (Aug 16)
    - Re: Passing NULL to %s format specifiers Guy Harris (Aug 16)
    - Re: Passing NULL to %s format specifiers Jeff Morriss (Aug 15)
    - Re: Passing NULL to %s format specifiers Guy Harris (Aug 15)
    - Re: Passing NULL to %s format specifiers Guy Harris (Aug 15)
    - Re: Passing NULL to %s format specifiers Gerald Combs (Aug 16)
    - Re: Passing NULL to %s format specifiers Evan Huus (Aug 16)