Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow

[Florian Weimer <fweimer () redhat com>]

* Alan Coopersmith:

> On 7/26/24 12:46, Solar Designer wrote:
> > Unfortunately, *asprintf() are not that easy to use safely:
> > "For asprintf(), if memory allocation was not possible, or if some
> > other
> > error occurs, the function shall return a negative value, and the
> > contents of the location referenced by ptr are undefined, but shall not
> > refer to allocated memory."
> [...]
> > As I recall, on *BSD's *asprintf() also reset the pointer to NULL.  On
> > upstream glibc, it does not.  We failed to get this change past Ulrich
> > back then:
> > https://sourceware.org/legacy-ml/libc-alpha/2001-12/msg00045.html
>
> Yes, this came up in the discussion to add asprintf() to POSIX in
> https://austingroupbugs.net/view.php?id=1496 :
>
> > Of the above listed implementations, all but GNU libc document that they will
> > set *ptr to NULL on error, while GNU libc explicitly states that you cannot
> > rely on it to do so (and looking at its code, sometimes it does, sometimes
> > it doesn't).
>
> and so the standard was written to allow both ways to be conformant.
>
> If GNU libc was willing to change that, perhaps the next version of the
> standard could as well.

I submitted a glibc patch:

  [PATCH] libio: asprintf should write NULL upon failure
  <https://inbox.sourceware.org/libc-alpha/87zfq0r8aj.fsf () oldenburg str redhat com/>

Thanks,
Florian