Bug 2016 - argp --help infloop, via ARGP_HELP_FMT envvar
Summary: argp --help infloop, via ARGP_HELP_FMT envvar
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: argparse (show other bugs)
Version: 2.12
: P2 normal
Target Milestone: ---
Assignee: Roland McGrath
Depends on:
Reported: 2005-12-09 18:23 UTC by Jim Meyering
Modified: 2018-04-19 14:16 UTC (History)
2 users (show)

See Also:
Last reconfirmed:
fweimer: security-

A Minimal Program Using Argp (95 bytes, text/plain)
2005-12-12 20:47 UTC, Dwayne Grant McConnell
Patch from gnulib to resolve this issue. (1.92 KB, patch)
2005-12-13 19:20 UTC, Dwayne Grant McConnell
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jim Meyering 2005-12-09 18:23:34 UTC
You can make any argp-using program infloop simply by running it
with --help and with something like ARGP_HELP_FMT=rmargin=a in the
environment.  Or use a valid (but small) width: ARGP_HELP_FMT=rmargin=2

  $ time ARGP_HELP_FMT=rmargin=2 tar --help > /dev/null
  ARGP_HELP_FMT=rmargin=2 tar --help > /dev/null  35.49s user 0.17s system 97% cp
u 36.648 total
  [Exit 130 (INT)]
Comment 1 Dwayne Grant McConnell 2005-12-12 19:10:28 UTC
Do you have a simple testcase handy?
Comment 2 jim@meyering.net 2005-12-12 19:46:24 UTC
Subject: Re:  argp --help infloop, via ARGP_HELP_FMT envvar

"decimal at us dot ibm dot com" <sourceware-bugzilla@sourceware.org> wrote:
> Do you have a simple testcase handy?

FYI, there's already a fix in gnulib:

Comment 3 jim@meyering.net 2005-12-12 20:24:40 UTC
Subject: Re:  argp --help infloop, via ARGP_HELP_FMT envvar

"decimal at us dot ibm dot com" <sourceware-bugzilla@sourceware.org> wrote:
> Do you have a simple testcase handy?

If you need a simple testcase, one of the four in
the glibc manual should do nicely.
Comment 4 Dwayne Grant McConnell 2005-12-12 20:44:31 UTC
I was able to reproduce.
Comment 5 Dwayne Grant McConnell 2005-12-12 20:47:42 UTC
Created attachment 799 [details]
A Minimal Program Using Argp

To reproduce the problem use
gcc -o glibc-2016-test glibc-2016-test.c
ARGP_HELP_FMT=rmargin=2 ./glibc-2016-test --help
Comment 6 Dwayne Grant McConnell 2005-12-13 19:20:46 UTC
Created attachment 801 [details]
Patch from gnulib to resolve this issue.

This patch was taken from
and resolves the problem. I have tested on ppc64 and ppc.
Comment 7 Dwayne Grant McConnell 2005-12-14 20:52:02 UTC
Sent a note to the gnulib argp maintainer to verify that copyright assignment
has already happened for this fix.
Comment 8 Dwayne Grant McConnell 2005-12-16 22:22:36 UTC
It seems the copyright assignment is in progress with the FSF.

The gnulib argp maintainer is interested in seeing other fixes get into glibc.
Not sure if there is any interest on the glibc end. Perhaps there is a policy to
only take fixes reported by users? or perhaps the goal would be to track gnulib
more closely if the resources were available to do it?
Comment 9 Roland McGrath 2005-12-22 01:08:16 UTC
The policy wrt gnulib copies of glibc code is that glibc's trunk is the master
source and gnulib maintainers have previously agreed to submit fixes to glibc
piecemeal as they come up, so as to keep the code in synch.  gnulib maintainers
can contact me to expedite any languishing gnulib patches, and they should
already be aware of this.  Anyone doing glibc bugzilla triage can identify
patches from gnulib maintainers and assign those bugs to me.

For future reference, a case like this does not need a small test case program
supplied.  It is sufficient if a command line using locale or suchlike is a good
test case.
Comment 10 Dwayne Grant McConnell 2006-02-09 21:20:20 UTC
Thanks for the info. The maintainer informed me that this was committed to gnulib.
Comment 11 Ulrich Drepper 2007-09-24 03:19:17 UTC
The attached patch does not only not apply, even after fixing it up it doesn't
solve the problem.  Either it never worked or the gnulib version is sufficiently
different.  Please provide a correct patch.
Comment 12 Petr Baudis 2010-06-01 03:29:33 UTC
no response
Comment 13 jim@meyering.net 2010-06-01 05:40:09 UTC
This bug report is still valid and the bug afflicts rawhide's
glibc-2.12.90-1.x86_64. Running this example from the manual still infloops:

$ cat k.c; gcc k.c; ARGP_HELP_FMT=rmargin=2 ./a.out --help > /dev/null
#include <argp.h>
int main (int argc, char **argv)
  argp_parse (0, argc, argv, 0, 0, 0);
  return 0;
Comment 14 jim@meyering.net 2010-06-01 10:17:10 UTC
FYI, the referenced patch ensures that the new function, validate_uparams, is
used to reject invalid parameters.  Rerunning my example, built against the
version in gnulib produces this:

a.out: ARGP_HELP_FMT: rmargin value is less than or equal to short-opt-col
Comment 15 Florian Weimer 2018-04-19 14:16:49 UTC
Still not fixed in master.