void-linux / xbps

The X Binary Package System (XBPS)
https://voidlinux.org/xbps/

xbps-fetch calls printf with a NULL string somewhere. #423

Open ericonr opened 3 years ago

ericonr commented 3 years ago

CI log from: https://github.com/void-linux/void-packages/pull/32340/checks?check_run_id=3265394612

=> wps-office-11.1.0.10702_1: fetching distfile 'wps-office-11.1.0.10702.XA-1.x86_64.rpm'...
wps-office-11.1.0.10702.XA-1.x86_64.rpm: [261MB 0%] 130MB/s ETA: 00m00s
[...]
wps-office-11.1.0.10702.XA-1.x86_64.rpm: [261MB 97%] 8867KB/s ETA: 00m00s
http://wdl1.pcfg.cache.wpscdn.com/wpsdl/wpsoffice/download/linux/10702/wps-office-11.1.0.10702.XA-1.x86_64.rpm: (null)

It's officially UB, though musl and glibc will both print (null) instead of segfaulting or killing your children; it does make for a poorer user experience though, since it's missing something explaining the error.

Chocimier commented 3 years ago

xbps_fetch_error_string returns null on no error. Most callers use strerror(0) then, but not main.

There are almost surely paths where xbps_fetch_error_string returns uninitialized memory as well.

Chocimier commented 3 years ago

It's not no error, just a non-described error, like an unknown HTTP version: echo 'HTTP/2 200 OK' | nc -l localhost 8888.

fetchLastErrString is extern, thus zero-initialized per standard, no problem here.
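
The failure mode discussed in this thread, as an added example that is not part of the issue and not xbps code: a lookup that returns NULL when no description was recorded, and a caller that substitutes a fallback before the string reaches `%s`. All names (`fetch_error_string`, `set_fetch_error`, `format_fetch_failure`), the fallback text and the URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the fetch layer's error state. Objects with
 * static storage duration start out zeroed, so the buffer is "" at startup. */
static int last_err_code;
static char last_err_string[256];

/* Model of the lookup described in the thread: NULL when nothing was recorded. */
static const char *fetch_error_string(void)
{
    return last_err_code == 0 ? NULL : last_err_string;
}

/* Record a described failure (hypothetical helper). */
static void set_fetch_error(int code, const char *msg)
{
    last_err_code = code;
    snprintf(last_err_string, sizeof last_err_string, "%s", msg);
}

/* Build "url: reason" without ever handing NULL to %s. */
static int format_fetch_failure(char *out, size_t outlen, const char *url)
{
    const char *reason = fetch_error_string();

    if (reason == NULL || reason[0] == '\0')
        reason = "unknown error (no description recorded)";
    return snprintf(out, outlen, "%s: %s", url, reason);
}

int main(void)
{
    char line[512];
    const char *url = "http://example.invalid/pkg.rpm"; /* constructed URL */

    /* Failure with no recorded description, as in the CI log. */
    format_fetch_failure(line, sizeof line, url);
    puts(line);

    set_fetch_error(404, "Not Found"); /* constructed error */
    format_fetch_failure(line, sizeof line, url);
    puts(line);
    return 0;
}
```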