Bug 13154 - strtol, et. al. clobber endptr when base is invalid
Summary: strtol, et. al. clobber endptr when base is invalid
Status: RESOLVED INVALID
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-06 02:38 UTC by Rich Felker
Modified: 2014-06-27 12:09 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rich Felker 2011-09-06 02:38:38 UTC 
ISO C does not specify any behavior for strtol-family function when base is invalid, but POSIX specifies that the functions shall fail and set errno to EINVAL in this case. glibc's implementation does fail and sets errno, but also clobbers the pointer pointed to by the endptr argument (with NULL). This could break applications which assume *endptr will always remain the same or advance after a call to strtol, even in the presence of invalid input. I see nothing in the standards that allows glibc's behavior.

Simple test case:

char *s = "123";
strtol(s, &s, 37);
assert(s);

Wide character versions and long long/intmax_t versions, and the corresponding unsigned versions, are also affected.
Comment 1 Ulrich Drepper 2011-09-08 02:32:44 UTC 
There is nothing in the standard which forbids the behavior.  No change needed.
Comment 2 Rich Felker 2011-09-08 03:34:51 UTC 
You may be right, simply because I misread the "may fail" as if it were "shall fail". Presumably an implementation may do whatever it likes when base is invalid.

Still I think it would be nice to "fix" this.