Bug 13154

Summary: strtol, et. al. clobber endptr when base is invalid
Product: glibc Reporter: Rich Felker <bugdal>
Component: libcAssignee: Ulrich Drepper <drepper.fsp>
Severity: normal Flags: fweimer: security-
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Host: Target:
Build: Last reconfirmed:

Description Rich Felker 2011-09-06 02:38:38 UTC
ISO C does not specify any behavior for strtol-family function when base is invalid, but POSIX specifies that the functions shall fail and set errno to EINVAL in this case. glibc's implementation does fail and sets errno, but also clobbers the pointer pointed to by the endptr argument (with NULL). This could break applications which assume *endptr will always remain the same or advance after a call to strtol, even in the presence of invalid input. I see nothing in the standards that allows glibc's behavior.

Simple test case:

char *s = "123";
strtol(s, &s, 37);

Wide character versions and long long/intmax_t versions, and the corresponding unsigned versions, are also affected.
Comment 1 Ulrich Drepper 2011-09-08 02:32:44 UTC
There is nothing in the standard which forbids the behavior.  No change needed.
Comment 2 Rich Felker 2011-09-08 03:34:51 UTC
You may be right, simply because I misread the "may fail" as if it were "shall fail". Presumably an implementation may do whatever it likes when base is invalid.

Still I think it would be nice to "fix" this.