regan@jacobs.CS.ORST.EDU (Dave Regan) (07/30/90)
It appears that there is a deficiency in fclose when called with a NULL parameter (which isn't good practice anyway).

ANSI says that fclose needs to return EOF if the stream was previously closed. The code can be easily extended to protect itself if called with a NULL parameter. If this protection is not in place, at the very least "free" is called with NULL and some other arbitrary value. This isn't good.

Note that the loop in fclose WILL find a NULL in the table unless the maximum number of files (NFILES) are open.

I have made the change to simply return EOF upon this error. It would be possible to cause an "assert" error and kill the program, as the programmer shouldn't be doing this.

regan@jacobs.cs.orst.edu

*** /usr/minix-1.5.10/lib/ansi/fclose.c Thu May 17 17:12:55 1990 --- fclose.c Sat Jul 28 21:19:50 1990 *************** *** 13,19 **** _io_table[i] = 0; break; } ! if (i >= NFILES) return(EOF); fflush(fp); close(fp->_fd); if (testflag(fp, IOMYBUF) && fp->_buf) free(fp->_buf); --- 13,19 ---- _io_table[i] = 0; break; } ! if (i >= NFILES || fp == NULL) return(EOF); fflush(fp); close(fp->_fd); if (testflag(fp, IOMYBUF) && fp->_buf) free(fp->_buf);
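
Review bot: the added `fp == NULL` test sits in the `if (i >= NFILES ...)` line, after the loop whose visible tail already executes `_io_table[i] = 0; break;`, so a NULL argument is rejected only once the table search has run and possibly written to a slot. Testing `fp == NULL` ahead of the loop would reject the bad argument before any table access and would not depend on the search matching an empty slot. A one-line comment saying that returning EOF for NULL is a deliberate extension would also help, since the `fflush(fp)` and `close(fp->_fd)` lines that follow give no hint that NULL can reach this function.
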
nfs@cs.Princeton.EDU (Norbert Schlenker) (07/31/90)
In article <19575@orstcs.CS.ORST.EDU> regan@jacobs.CS.ORST.EDU (Dave Regan) writes:
>It appears that there is a deficiency in fclose when called with a
>NULL parameter (which isn't good practice anyway).

Calling fclose with a NULL parameter is an error.

>ANSI says that fclose needs to return EOF if the stream was previously
>closed.

Not true - the standard says no such thing.

>The code can be easily extended to protect itself if called
>with a NULL parameter. If this protection is not in place, at the very
>least "free" is called with NULL and some other arbitrary value. This
>isn't good.
>
><additional justification and patch deleted>

But this is a programming error. If you want to saddle the library with all manner of checks, you are free to do so. Most programmers do not want the additional overhead to be incurred. The stdio package that I posted long ago included error checking as an option - needless to say, I don't use it myself.

I expect programs not to call fclose() with a NULL pointer, just as I expect programs not to call strcpy() with NULL pointers. Programs which call standard library routines with arguments that are not of the expected form may fail. That has always been the case, and ANSI has now codified it. Programmers beware!

Norbert
HBO043%DJUKFA11.BITNET@cunyvm.cuny.edu (Christoph van Wuellen) (07/31/90)
You open a worm can if you begin to protect single library functions against illegal parameters. You will end up, after a decade, with a library which is very clean, very smart, very safe, and very slow.

C.v.W.
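
The check debated in this thread can also live on the caller's side, leaving the library untouched. The following is an added example, not part of any post above or of the Minix library; `close_stream` and the `CHECKED_STDIO` build switch are hypothetical names chosen for illustration.

```c
#include <stdio.h>

/* Hypothetical build switch: compile with -DCHECKED_STDIO=0 to drop the
 * argument checks and pay no overhead, as the replies above prefer. */
#ifndef CHECKED_STDIO
#define CHECKED_STDIO 1
#endif

/*
 * close_stream() is a hypothetical caller-side wrapper, not a library routine.
 * It takes the ADDRESS of the caller's FILE pointer so that it can clear the
 * pointer after closing. A second call through the same variable then sees
 * NULL instead of a dangling pointer, so fclose() is never handed NULL or an
 * already-closed stream.
 */
int close_stream(FILE **fpp)
{
    FILE *fp;

#if CHECKED_STDIO
    if (fpp == NULL || *fpp == NULL)
        return EOF;      /* never opened, or already closed via this wrapper */
#endif
    fp = *fpp;
    *fpp = NULL;         /* clear first: no return path leaves a stale pointer */
    return fclose(fp);
}

/* Constructed demonstration; meaningful only with the checks compiled in. */
int main(void)
{
    FILE *fp = tmpfile();
    FILE *never_opened = NULL;

    if (fp == NULL)
        return 1;
    printf("never opened: %d\n", close_stream(&never_opened)); /* EOF */
    printf("first close:  %d\n", close_stream(&fp));           /* 0 */
    printf("second close: %d\n", close_stream(&fp));           /* EOF */
    return 0;
}
```

The wrapper only protects callers that close through the same pointer variable; a copy of the `FILE *` held elsewhere still dangles after the close.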