Re: [Tinycc-devel] NULL pointer dereference due to unchecked return from fdopen()

[Domingo Alvarez Duarte]

+1 To "just write a tcc_fdopen()"

On 28/2/22 13:46, Steffen Nurpmeso wrote:
> Vincent Lefevre wrote in
>   <20220228103710.GA33433@zira.vinc17.org>:
>   |On 2022-02-28 10:50:29 +0100, grischka wrote:
>   |> Christian Jullien wrote:
>   |>> Thanks,
>   |>> This is unfortunately not the only case where returned value is \
>   |>> not tested, just for fdopen, if maintainers agree, we can probably \
>   |>> apply:
>   |>> Wdyt?
>   |>
>   |> The rule is, as always:  don't write code that you cannot test.
>   |
>   |Various other error cases are probably not tested.
>   |Has anyone checked code coverage?
>   |
>   |Testing the code can be done once by adding "fp = NULL;" and checking
>   |that the error is correctly handled. Otherwise, perhaps with LD_PRELOAD
>   |to define a fdopen wrapper that will simulate an error for some calls.
>   |
>   |> Can you?
>   |>
>   |> Otherwise, can we stop suggesting sloppily crafted quick patches
>   |> addressing non-existent problems?
>   |
>   |fdopen() may fail. So this is a real problem. However, the check for
>   |errors should be done on the other related function calls too.
>   |
>   |Not checking errors may yield obscure errors in user code and/or
>   |data loss/corruption (this happened to me with GCC, which did not
>   |check some write errors, so that data were randomly silently missing
>   |on NFS and my scripts were failing with errors difficult to debug).
>
> Let's just write a tcc_fdopen() the same way myriads of projects
> create their local xmalloc()?
>
>    #?0|kent:tcc.git$ git grep fdopen mob
>    mob:lib/tcov.c:    return fdopen (fd, "r+");
>    mob:tcccoff.c:    f = fdopen(fd, "rb");
>    mob:tccelf.c:    f = fdopen(fd, "wb");
>    mob:tcclib.h:FILE *fdopen(int fildes, const char *mode);
>    mob:tccmacho.c:    fp = fdopen(fd, "wb");
>    mob:tcctools.c:        depout = fdopen(1, "w");
>    mob:win32/include/stdio.h:  FILE *__cdecl fdopen(int _FileHandle,const char 
> *_Mode);
>    mob:win32/include/stdio.h:  _CRTIMP FILE *__cdecl _fdopen(int 
> _FileHandle,const char *_Mode);
>    mob:win32/include/stdio.h:  _CRTIMP FILE *__cdecl _wfdopen(int _FileHandle 
> ,const wchar_t *_Mode);
>    mob:win32/include/stdio.h:  FILE *__cdecl fdopen(int _FileHandle,const char 
> *_Format);
>    mob:win32/include/tchar.h:#define _tfdopen _wfdopen
>    mob:win32/include/tchar.h:#define _tfdopen fdopen
>    mob:win32/include/tchar.h:#define _tfdopen _fdopen
>    mob:win32/include/wchar.h:  _CRTIMP FILE *__cdecl _wfdopen(int _FileHandle 
> ,const wchar_t *_Mode);
>    mob:win32/lib/msvcrt.def:_fdopen
>    mob:win32/lib/msvcrt.def:_wfdopen
>
> Shouldn't take longer than the quarter of an hour.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
>
> _______________________________________________
> Tinycc-devel mailing list
> Tinycc-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/tinycc-devel