Open mtelka opened 1 month ago
Here is a simple testcase to demonstrate the problem:
$ cat <<EOF > test.c
#include <stdio.h>
int
main(void)
{
	printf(NULL);
	return 0;
}
EOF
$
When compiled it throws following warnings and segfaults on OpenIndiana:
$ gcc -Wall -o test test.c
test.c: In function 'main':
test.c:6:9: warning: argument 1 null where non-null expected [-Wnonnull]
6 | printf(NULL);
| ^~~~~~
In file included from /usr/include/stdio.h:82,
from test.c:1:
/usr/include/iso/stdio_iso.h:208:17: note: in a call to function 'printf' declared 'nonnull'
208 | extern int printf(const char *_RESTRICT_KYWD, ...);
| ^~~~~~
test.c:6:9: warning: null format string [-Wformat-overflow=]
6 | printf(NULL);
| ^~~~~~~~~~~~
$
$
$
$ ./test
Segmentation Fault (core dumped)
$
While on Linux (Rocky 9) it produces similar warnings, but does not do the core dump:
$ gcc -Wall -o test test.c
test.c: In function ‘main’:
test.c:6:9: warning: argument 1 null where non-null expected [-Wnonnull]
6 | printf(NULL);
| ^~~~~~
In file included from test.c:1:
/usr/include/stdio.h:350:12: note: in a call to function ‘printf’ declared ‘nonnull’
350 | extern int printf (const char *__restrict __format, ...);
| ^~~~~~
test.c:6:9: warning: null format string [-Wformat-overflow=]
6 | printf(NULL);
| ^~~~~~~~~~~~
$
$
$
$ ./test
$
Apparently, portable applications should avoid passing NULL as the format string to printf()/vprintf().
I see the following segmentation fault on OpenIndiana:
The segfault is caused by the die (STATE_CRITICAL, NULL) call here:
which in turn causes vprintf() to be called with NULL in fmt here:
and so the null pointer is dereferenced in vprintf().
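
An added example, not part of the original report or the project's own code: a die()-style wrapper that checks the format pointer before it reaches vfprintf(), so a call shaped like die (STATE_CRITICAL, NULL) exits with its status instead of depending on how a given libc treats a NULL format. The names safe_vreport, safe_report and safe_die, and the numeric value given to STATE_CRITICAL, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed value for illustration; the real constant lives in the project. */
#define STATE_CRITICAL 2

/* Format into out only when fmt is non-NULL. Returns the number of
 * characters written, 0 for a NULL format, negative on output error. */
static int
safe_vreport(FILE *out, const char *fmt, va_list ap)
{
	if (fmt == NULL)
		return 0;	/* nothing to print; never hand NULL to vfprintf() */
	return vfprintf(out, fmt, ap);
}

/* Variadic front end that returns instead of exiting, so it can be tested. */
static int
safe_report(FILE *out, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = safe_vreport(out, fmt, ap);
	va_end(ap);
	return n;
}

/* Hypothetical die()-like wrapper: optional message, then exit(status). */
static void
safe_die(int status, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	(void)safe_vreport(stdout, fmt, ap);
	va_end(ap);
	exit(status);
}

int
main(void)
{
	safe_report(stdout, "before exit: %s\n", "ok");
	safe_die(STATE_CRITICAL, NULL);	/* exits with status 2, no crash */
	return 0;			/* not reached */
}
```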