From: Rich Felker <dalias@libc.org>
To: Marian Buschsieweke <marian.buschsieweke@ovgu.de>
Cc: musl@lists.openwall.com
Subject: Re: [musl] [PATCH] fix error handling in getsubopt()
Date: Wed, 3 Nov 2021 09:20:57 -0400 [thread overview]
Message-ID: <20211103132057.GE7074@brightrain.aerifal.cx> (raw)
In-Reply-To: <20211103124757.15214-1-marian.buschsieweke@ovgu.de>
Thanks for sending this to the list.
On Wed, Nov 03, 2021 at 01:47:57PM +0100, Marian Buschsieweke wrote:
> The man page of getsubopt says
>
> > int getsubopt(char **restrict optionp, char *const *restrict tokens,
> > char **restrict valuep);
> >
> > [...]
> > RETURN VALUE
> > If the first suboption in optionp is recognized, getsubopt()
> > returns the index of the matching suboption element in tokens.
> > Otherwise, -1 is returned and *valuep is the entire name[=value]
> > string.
I went looking to replace this with a citation for the actual
specification, since the man page is not the specification for
standards-specified functions, and found that the above seems to be a
glibc extension, and it's not clear whether it meets the requirements
of the spec. On detailed reading, it's not even clear to me that the
nulling out of the ',' and updating of *opt we're doing are okay in
the error case; that's only specified for the case where a matching
key was found.
The (informative, i.e. non-normative) APPLICATION USAGE text in the
spec does mention:
"The value of *valuep when getsubopt() returns -1 is unspecified.
Historical implementations provide various incompatible extensions
to allow an application to access the suboption text that was not
found in the keylistp array."
which is not reassuring. Generally when there were historically
incompatible variants of something, musl does not offer any of them.
> This means, *val should be set to the value *opt had upon the call of
> getsubopt on failure, but this is not the case. This fixes the behavior.
>
> This fixes a segmentation fault in the option parsing in v4l2-ctl for the
> -c parameter. (E.g. v4l2-ctl -c foo=bar will segfault without this.)
I think there's still a discussion to be had about whether the
proposed change (or even the current behavior) is okay, but v4l2-ctl
relying on this is not a good thing, and it should be patched. AFAICT
it looks like they're trying to use getsubopt for something entirely
different from its purpose, where they really just want
strchr(foo,',')...
prev parent reply other threads:[~2021-11-03 13:21 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-03 12:47 Marian Buschsieweke
2021-11-03 13:20 ` Rich Felker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211103132057.GE7074@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=marian.buschsieweke@ovgu.de \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).