[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #64422] Exit handler vulnerability
From: |
Hiroshi Yoshikawa |
Subject: |
[bug #64422] Exit handler vulnerability |
Date: |
Thu, 13 Jul 2023 07:15:18 -0400 (EDT) |
URL:
<https://savannah.gnu.org/bugs/?64422>
Summary: Exit handler vulnerability
Group: GNU gettext
Submitter: kitanokitsune
Submitted: Thu 13 Jul 2023 11:15:16 AM UTC
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Thu 13 Jul 2023 11:15:16 AM UTC By: Hiroshi Yoshikawa <kitanokitsune>
The function *close_stdout()*, which is an _exit handler_ registerd with
*atexit()*, terminates abnormally.
This handler calls *exit()* in itself.
As mentioned in the following article, _exit handlers_ must terminate by
*return*, not *exit()*.
https://wiki.sei.cmu.edu/confluence/display/c/ENV32-C.+All+exit+handlers+must+return+normally
Indeed, in my environment (mingw-w64 on Windows), that causes stack overflow
and app crash.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?64422>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
- [bug #64422] Exit handler vulnerability,
Hiroshi Yoshikawa <=