[bug #64422] Exit handler vulnerability

[Hiroshi Yoshikawa]

URL:
  <https://savannah.gnu.org/bugs/?64422>

                 Summary: Exit handler vulnerability
                   Group: GNU gettext
               Submitter: kitanokitsune
               Submitted: Thu 13 Jul 2023 11:15:16 AM UTC
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Thu 13 Jul 2023 11:15:16 AM UTC By: Hiroshi Yoshikawa <kitanokitsune>
The function *close_stdout()*, which is an _exit handler_ registerd with
*atexit()*, terminates abnormally.
This handler calls *exit()* in itself.

As mentioned in the following article, _exit handlers_ must terminate by
*return*, not *exit()*.
https://wiki.sei.cmu.edu/confluence/display/c/ENV32-C.+All+exit+handlers+must+return+normally

Indeed, in my environment (mingw-w64 on Windows), that causes stack overflow
and app crash.








    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?64422>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/