*BSD News Article 44898


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!howland.reston.ans.net!gatech!news.mathworks.com!news.kei.com!nntp.et.byu.edu!news.byu.edu!hamblin.math.byu.edu!park.uvsc.edu!usenet
From: Terry Lambert <terry@cs.weber.edu>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Major strcmp bug under BSD 2.0?
Date: 2 Jun 1995 22:34:48 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 73
Message-ID: <3qo3m8$aq7@park.uvsc.edu>
References: <3qfn52$188j@troy.la.locus.com>
NNTP-Posting-Host: hecate.artisoft.com

sassan@locus.com (Sassan Behzadi) wrote:
] 
] Am I imagining things or is there a bug in BSD 2.0's strcmp() function?
] If either of the string parameters is NULL the program core dumps.
] Isn't this a major bug? (Making the OS pretty much useless). Is there 
] a simple fix for this ? 

This is a result of the intentional unmapping of page 0 to catch
NULL pointer dereferences with a kernel "page not present" error.

SunOS and Solaris do the same thing.

SVR4.2 has a switchable mechanism (at least in UnixWare) for the
same thing.

Consider the result of continuing to process with a bogus pointer
value; by the time you arrive at a fatal error, an undetected NULL
pointers origin could have been lost, making it difficult or
impossible to track down the real bug.

Yes, I know several pieces of software use the str*() functions
on NULL pointers; the most famous of these is probably 'elm',
with the 'xdt' X desktop program second, and your particular
problem coming in a poor third.

Much of the NetWare for UNIX/NetWare for UnixWare work was done on
Sun machines because of the UnixWare intentiannally mapping a page
at 0 on first reference (the switching mechanism was not present
until very recently, and it interferes with the mapping process,
allowing a fault to occur instead).

Consider it a "programmer friendly" feature of the OS.

HP/UX works, as do several older UNIX derivatives because the page
at 0 is mapped to contain 0's at the page 0 location.

Many UNIX implementations will give indeterminite results, depending
on whether or not the compare string is less than/equal to/greater
than the crt0.o startup code (up to the first 0 byte) because the
code loads in at 0 relative.

A few implementations explicitly check for NULL pointers to str*()
routines, slowing them down considerably to benefit bad programming
practice.

My personal opinion is that bad programming practice should be
detected and corrected, rather than being worked around at a general
penalty to performance to programs that have been written correctly.


If you find this morally repugnant, you are free to add compares
to your string functions in the libc (for which sources have been
provided).  If you do so, you will only need to relink (*not*
recompile) statically linked programs.

Luckily, of the programs that are distributes with FreeBSD, only
those in the /sbin and /usr/sbin directories (that's what the "s"
means) are statically linked, and you will not need to recompile
these, since they all use proper programming practice and don't
attempt to pass NULL pointers into routines that dereference the
pointers passed to them.

For further information, look at the mailing list and news archives
on freefall and minnie, where the topic was discussed at length
when the page 0 unmapping went in.  Or type 'man strcmp', since it
is also discussed briefly there.


                                        Terry Lambert
                                        terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.