From unknown Sat Aug 09 05:01:10 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#21056 <21056@debbugs.gnu.org> To: bug#21056 <21056@debbugs.gnu.org> Subject: Status: [BUG] Bug with dirname on Ubuntu Reply-To: bug#21056 <21056@debbugs.gnu.org> Date: Sat, 09 Aug 2025 12:01:10 +0000 retitle 21056 [BUG] Bug with dirname on Ubuntu reassign 21056 coreutils submitter 21056 Vinh Nguyen severity 21056 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 14 11:25:14 2015 Received: (at submit) by debbugs.gnu.org; 14 Jul 2015 15:25:14 +0000 Received: from localhost ([127.0.0.1]:49150 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZF252-0002PB-O9 for submit@debbugs.gnu.org; Tue, 14 Jul 2015 11:25:14 -0400 Received: from eggs.gnu.org ([208.118.235.92]:57920) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZEw9A-0006Tk-Dj for submit@debbugs.gnu.org; Tue, 14 Jul 2015 05:05:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZEw8z-0005Hv-HZ for submit@debbugs.gnu.org; Tue, 14 Jul 2015 05:04:59 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: ** X-Spam-Status: No, score=2.8 required=5.0 tests=BAYES_50,DEAR_SOMETHING, HTML_MESSAGE autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47591) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZEw8z-0005Hp-EP for submit@debbugs.gnu.org; Tue, 14 Jul 2015 05:04:53 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43161) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZEw8x-0003w4-JW for bug-coreutils@gnu.org; Tue, 14 Jul 2015 05:04:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZEw8t-0005Gv-QT for bug-coreutils@gnu.org; Tue, 14 Jul 2015 05:04:51 -0400 Received: from server506e.appriver.com ([50.56.144.35]:60294 helo=server506.appriver.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZEw8t-0005Gm-Kf for bug-coreutils@gnu.org; Tue, 14 Jul 2015 05:04:47 -0400 X-Note-AR-ScanTimeLocal: 7/14/2015 4:04:45 AM X-Policy: opswat.com - opswat.com X-Primary: vnguyen@opswat.com X-Note: This Email was scanned by AppRiver SecureTide X-Note: SecureTide Build: 7/6/2015 7:53:48 PM UTC X-Virus-Scan: V- X-Note-SnifferID: 0 X-Note: TCH-CT/SI:0-150/SG:5 7/14/2015 4:03:58 AM X-GBUdb-Analysis: 1, 169.254.3.160, Ugly c=0.861773 p=-0.99113 Source White X-Signature-Violations: 0-0-0-7768-c X-Note-419: 15.6263 ms. Fail:2 Chk:1327 of 1327 total X-Note: SCH-CT/SI:2-1327/SG:1 7/14/2015 4:04:28 AM X-Note: Spam Tests Failed: X-Country-Path: UNKNOWN->PRIVATE->United States X-Note-Sending-IP: 10.242.229.139 X-Note-Reverse-DNS: smtp.exg6.exghost.com X-Note-Return-Path: vnguyen@opswat.com X-Note: User Rule Hits: X-Note: Global Rule Hits: G256 G257 G258 G259 G263 G264 G383 G400 X-Note: Encrypt Rule Hits: X-Note: Mail Class: VALID X-Note: Headers Injected Received: from [10.242.229.139] (HELO smtp.exg6.exghost.com) by server506.appriver.com (CommuniGate Pro SMTP 6.1.2) with ESMTPS id 282077286 for bug-coreutils@gnu.org; Tue, 14 Jul 2015 04:04:45 -0500 Received: from DAGN10C-E6.exg6.exghost.com ([169.254.3.160]) by HT02-E6.exg6.exghost.com ([50.56.144.20]) with mapi id 14.03.0248.001; Tue, 14 Jul 2015 04:04:45 -0500 From: Vinh Nguyen To: "bug-coreutils@gnu.org" Subject: [BUG] Bug with dirname on Ubuntu Thread-Topic: [BUG] Bug with dirname on Ubuntu Thread-Index: AdC+E9jhxvcpDauySHi+/PN+I5MUrQ== Date: Tue, 14 Jul 2015 09:04:44 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [72.32.31.160] x-rerouted-by-exchange: Content-Type: multipart/alternative; boundary="_000_F05800CFA29A474CABEE7A739EF58E0D0EE2DC65DAGN10cE6exg6ex_" MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (barebone) [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -3.3 (---) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 14 Jul 2015 11:25:11 -0400 Cc: Dave Patt X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --_000_F05800CFA29A474CABEE7A739EF58E0D0EE2DC65DAGN10cE6exg6ex_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear Sir/Madam, I've found a bug with dirname function on Ubuntu 14.04 LTS. The context is: Dl_info info; if ( dladdr( ( const void* )function_to_get_address, &info ) =3D=3D= 0 ) return false; if ( info.dli_fname =3D=3D NULL ) return false; dirname((char*)info.dli_fname); (1) With info.dli_fname contains "./libabc.so". Before (1) is invoked, "info sh= ared" command on gdb 7.1 shows no problem, but after invoking (1), "info sh= ared" shows "." in Shared Object Library column and "No" in Sym column. Aft= er that, all "dlopen" functions failed with error "Error while mapping shar= ed library sections" and some libraries throw Segmentation Fault exception.= So, I think it is a bug of dirname function. I hope this information is helpful. I'm looking forward to seeing a fix for= this. Sincerely, Vinh T. Nguyen --_000_F05800CFA29A474CABEE7A739EF58E0D0EE2DC65DAGN10cE6exg6ex_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Dear Sir/Madam,

I’ve found a bug with dirname function on Ubun= tu 14.04 LTS. The context is:

        Dl_info i= nfo;

        if ( dlad= dr( ( const void* )function_to_get_address, &info ) =3D=3D 0 )

        &nbs= p;   return false;

        if ( info= .dli_fname =3D=3D NULL )

        &nbs= p;   return false;

        dirname((= char*)info.dli_fname); (1)

 

With info.dli_fname contains "./libabc.so"= . Before (1) is invoked, "info shared" command on gdb 7.1 shows n= o problem, but after invoking (1), "info shared" shows ".&qu= ot; in Shared Object Library column and "No" in Sym column. After= that, all "dlopen" functions failed with error "Error while mapping s= hared library sections" and some libraries throw Segmentation Fault ex= ception. So, I think it is a bug of dirname function.

I hope this information is helpful. I'm looking forw= ard to seeing a fix for this.

 

Sincerely,

Vinh T. Nguyen

 

--_000_F05800CFA29A474CABEE7A739EF58E0D0EE2DC65DAGN10cE6exg6ex_-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 14 12:21:45 2015 Received: (at 21056-done) by debbugs.gnu.org; 14 Jul 2015 16:21:45 +0000 Received: from localhost ([127.0.0.1]:49177 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZF2xk-00075Q-F4 for submit@debbugs.gnu.org; Tue, 14 Jul 2015 12:21:44 -0400 Received: from mx1.redhat.com ([209.132.183.28]:43514) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZF2xh-00075D-EQ for 21056-done@debbugs.gnu.org; Tue, 14 Jul 2015 12:21:42 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (Postfix) with ESMTPS id ECC3E3CBA2D; Tue, 14 Jul 2015 16:21:39 +0000 (UTC) Received: from [10.3.113.107] (ovpn-113-107.phx2.redhat.com [10.3.113.107]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t6EGLdSP001746; Tue, 14 Jul 2015 12:21:39 -0400 Subject: Re: bug#21056: [BUG] Bug with dirname on Ubuntu To: Vinh Nguyen , 21056-done@debbugs.gnu.org References: From: Eric Blake Openpgp: url=http://people.redhat.com/eblake/eblake.gpg X-Enigmail-Draft-Status: N1110 Organization: Red Hat, Inc. Message-ID: <55A5370D.2050805@redhat.com> Date: Tue, 14 Jul 2015 10:21:33 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wR8KBBtna5MUTbt4jbTbk7omNWbiPwGWl" X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Spam-Score: -4.7 (----) X-Debbugs-Envelope-To: 21056-done Cc: Dave Patt X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.7 (----) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wR8KBBtna5MUTbt4jbTbk7omNWbiPwGWl Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable tag 21056 notabug thanks On 07/14/2015 03:04 AM, Vinh Nguyen wrote: > Dear Sir/Madam, > I've found a bug with dirname function on Ubuntu 14.04 LTS. The context= is: Thanks for the report. However, you have reached the coreutils list (owners of dirname(1) for command line use), but you are complaining about the libc function dirname(3) (for use in C programs); the two are quite distinct. This list is unable to change the libc behavior, so I'm going to close the bug as invalid in the coreutils database. > Dl_info info; > if ( dladdr( ( const void* )function_to_get_address, &info ) =3D= =3D 0 ) > return false; > if ( info.dli_fname =3D=3D NULL ) > return false; > dirname((char*)info.dli_fname); (1) This is invalid use of dirname(). POSIX says that dirname() may modify its argument, but you MUST NOT modify a const char * string; the fact that you are casting away const should be a warning flag. Furthermore, the POSIX definition of dirname() says that it need not be threadsafe, making it a pain to use in libraries that might be used in a threaded context. Finally, dirname() has fixed semantics that are wrong in code intended to be portable to Windows file names with drive letters. http://pubs.opengroup.org/onlinepubs/9699919799/functions/dirname.html In short, the POSIX dirname() function is worthless; you CANNOT safely use it on untrusted input. The gnulib project has this to say about dirname(), and recommends that you use gnulib's dir_name() instead (which IS safe to use on untrusted input, but which malloc()s the result so you have to adjust your code to free() the result): https://www.gnu.org/software/gnulib/manual/html_node/dirname.html#dirname= >=20 > With info.dli_fname contains "./libabc.so". Before (1) is invoked, "inf= o shared" command on gdb 7.1 shows no problem, but after invoking (1), "i= nfo shared" shows "." in Shared Object Library column and "No" in Sym col= umn. After that, all "dlopen" functions failed with error "Error while ma= pping shared library sections" and some libraries throw Segmentation Faul= t exception. So, I think it is a bug of dirname function. > I hope this information is helpful. I'm looking forward to seeing a fix= for this. The fix is not to libc's dirname(), but to your code for invalid usage of dirname(). --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --wR8KBBtna5MUTbt4jbTbk7omNWbiPwGWl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJVpTcSAAoJEKeha0olJ0Nq0vAIAJsNWPuMkXWYHmZX2iECCrVv 4iVeM8Sgb+1W34XD4odmqZo66EFOxjI/2aWPgjhKersgtjTn41dTsGM+cYEbtyed 2Q1AE8yYDHQc6h7py+3GbW5yZidP5QNn94Z9hFuWTwE762itP3J4jtYTckZX0JaQ zRiQuNSI+2m6HTNZ3zctMpW4vftmicr1PopYIrZYP15XJHzjf0nHM1aulb5S67EK 9Q2GwkVM2ycQxMrwW5Af/AbLmFjAQ04ZXrAM4jq6YmzRSVfXeDhc3hEoxwBh822m 2IXAXFDBElhVJu1blo2Zg9a01nwcoOtaPwX0SA9OswPWEwfRCe5sSepvaf+TRbQ= =6OFb -----END PGP SIGNATURE----- --wR8KBBtna5MUTbt4jbTbk7omNWbiPwGWl-- From unknown Sat Aug 09 05:01:10 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 12 Aug 2015 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator