diff options
| author | Daniel Palmer <daniel@thingy.jp> | 2026-05-20 20:19:31 +0900 |
|---|---|---|
| committer | Thomas Weißschuh <linux@weissschuh.net> | 2026-05-20 18:43:17 +0200 |
| commit | 136ca91411b0b637e862eb7b1cce2a56853edd17 (patch) | |
| tree | b6713fca7fadce2da899a3983e5cdc655ca2c006 /tools/include | |
| parent | 2ee39c5fb3a0cdc5da5026e78718ac7d92ea48c4 (diff) | |
tools/nolibc: getopt: Fix potential out of bounds access
Running clang-tidy on a program that uses getopt() from nolibc
this warning appears:
getopt.h:80:6: warning: Out of bound access to memory after the end of the string literal [clang-analyzer-security.ArrayBound]
80 | if (optstring[i] == ':') {
This looks like a very unlikely case that an argument
inside of argv is being changed between getopt() calls.
Adding a check for d becoming 0 in the guard after the loop
stops getopt() getting far enough to access beyond the end
of the array and seems to correct the issue.
Fixes: bae3cd708e8a ("tools/nolibc: add getopt()")
Assisted-by: Claude:claude-4.6-sonnet # reproducer
Signed-off-by: Daniel Palmer <daniel@thingy.jp>
Link: https://patch.msgid.link/20260520111931.1027758-1-daniel@thingy.jp
[Thomas: clean up commit message a bit]
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Diffstat (limited to 'tools/include')
| -rw-r--r-- | tools/include/nolibc/getopt.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/include/nolibc/getopt.h b/tools/include/nolibc/getopt.h index 87565e3b6a33..3ad140f692df 100644 --- a/tools/include/nolibc/getopt.h +++ b/tools/include/nolibc/getopt.h @@ -71,7 +71,7 @@ int getopt(int argc, char * const argv[], const char *optstring) d = optstring[i++]; } while (d && d != c); - if (d != c || c == ':') { + if (!d || d != c || c == ':') { optopt = c; if (optstring[0] != ':' && opterr) fprintf(stderr, "%s: unrecognized option: %c\n", argv[0], *optchar); |
