Re: Bug#192537: sort segfaults with argv[0] = NULL

[Jim Meyering]

Thank you for the report.
I've included a patch for that below.
Be aware that although the patched sort appears to work
in your unusual case with this patch, if it fails for any
reason (I/O error, inaccessible input file, invalid options)
it will give a diagnostic that tries to dereference the NULL argv[0].

I'm curious as to what prompted you to find this problem.
Do you have an application that tries to do useful work
with a NULL argv[0] pointer?

You're probably already aware that very many programs assume that
`argc' is always 1 or larger, and hence dereference argv[0]
unconditionally.

        * src/sort.c (main): Don't overrun array bound if argc is 0.
        That would happen when invoked via: execl ("/usr/bin/sort", NULL);
        Reported by Wartan Hachaturow.

Index: src/sort.c
===================================================================
RCS file: /fetish/cu/src/sort.c,v
retrieving revision 1.250
diff -u -p -u -p -r1.250 sort.c
--- src/sort.c  11 Apr 2003 10:51:56 -0000      1.250
+++ src/sort.c  9 May 2003 08:32:54 -0000
@@ -2265,7 +2265,7 @@ main (int argc, char **argv)
                                long_options, NULL))
              == -1))
        {
-         if (optind == argc)
+         if (argc < optind)
            break;
          files[nfiles++] = argv[optind++];
        }

Wartan Hachaturow <address@hidden> wrote:
> Package: coreutils
> Version: 5.0-1
> Severity: normal
> Tags: upstream
>
> execl("/usr/bin/sort", NULL) leads to a segfault at line 2270 of
> sort.c.
...