Created attachment 5725 [details] sample code Description of problem: If error_one_per_line is set to a non-zero value, and error_at_line(3) is called consecutively with the same lineno, once with a NULL filename and the other non-NULL (in either order), the program SEGVs. GDB shows the function uses strcmp(3) without checking for NULL inputs. Version-Release number of selected component (if applicable): Fedora 14: glibc-2.13-1.i686 How reproducible: Always. Steps to Reproduce: 1. gcc -Wall error-segv.c && ./a.out Actual results: ./a.out: error_at_line with NULL filename: No such file or directory Segmentation fault (core dumped) Program received signal SIGSEGV, Segmentation fault. __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39 39 L(oop): movb (%ecx), %al (gdb) bt #0 __strcmp_ia32 () at ../sysdeps/i386/i686/strcmp.S:39 #1 0x0070eea6 in __error_at_line (status=0, errnum=2, file_name=0x80485b9 "error-segv.c", line_number=10, message=0x8048594 "%s") at error.c:275 #2 0x080484bf in error_at_line () at /usr/include/bits/error.h:72 #3 main () at error-segv.c:10 Expected results: Since NULL != __FILE__, the error_one_per_line clause should not be triggered, and output should be generated. Additional info: Neither http://www.gnu.org/s/libc/manual/html_node/Error-Messages.html nor http://www.kernel.org/doc/man-pages/online/pages/man3/error.3.html give any indication that filename cannot be NULL; my tests show that without setting error_one_per_line, or even set with two consecutive NULL filenames, it works fine.
(In reply to comment #0) > My tests show that without setting error_one_per_line, or even set with two consecutive NULL filenames, it works fine. Scratch that; it also SEGVs if called twice consecutively with NULL filenames as well.
*** Bug 12767 has been marked as a duplicate of this bug. ***
Confirmed with vanilla glibc-2.13; this is not Fedora-specific.
I checked in a patch.