GNU bug report logs - #69438
basename faulty with nul and suffix

Previous Next

Package: guile;

Reported by: Zefram <zefram <at> fysh.org>

Date: Tue, 27 Feb 2024 20:27:02 UTC

Severity: normal

To reply to this bug, email your comments to 69438 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guile <at> gnu.org:
bug#69438; Package guile. (Tue, 27 Feb 2024 20:27:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Zefram <zefram <at> fysh.org>:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Tue, 27 Feb 2024 20:27:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zefram <zefram <at> fysh.org>
To: bug-guile <at> gnu.org
Subject: basename faulty with nul and suffix
Date: Tue, 27 Feb 2024 20:14:58 +0000

Trying out the basename function in Guile 3.0.9:

scheme@(guile-user)> (basename "foo/bar")
$1 = "bar"
scheme@(guile-user)> (basename "foo/bar" "r")
$2 = "ba"
scheme@(guile-user)> (basename "foo/bar" "x")
$3 = "bar"
scheme@(guile-user)> (basename "foo/bar\0baz/quux")
$4 = "bar"
scheme@(guile-user)> (basename "foo/bar\0baz/quux" "r")
$5 = "bar"
scheme@(guile-user)> (basename "foo/bar\0baz/quux" "x")
$6 = "ba"

The first three cases here show the function operating correctly on a
mundane pathname string.

The fourth case shows it operating in a debatable manner on a pathname
string that has an embedded nul.  This treatment of this case is based
on the idea that the string is acceptable as a pathname for file I/O
functions, and that the nul will serve to terminate the pathname (which
is what happens naturally in a naive treatment of passing the string to
a system call).  I note that the open-file function had that treatment
of embedded nuls in Guile 1.6, but that since Guile 1.8 it has instead
signalled an error on such a pathname string.  Are there any remaining
functions that accept embedded nuls in pathname strings?  If not, then the
basename and dirname functions probably ought to correspondingly signal
an error for an embedded nul.  (Incidentally, basename and dirname had
unambiguously incorrect treatment of embedded nuls prior to Guile 2.0,
so there's never yet been a version in which open-file and basename had
matching treatment of embedded nuls.)

But what I'm really interested in here is the fifth and sixth cases,
where there's an embedded nul in the pathname string and also a suffix
argument.  Accepting the interpretation of the embedded nul as correct,
the treatment here of the suffix is clearly faulty.  Whether the suffix
matches is being incorrectly checked against the original string, before
nul truncation, but the suffix removal is being applied to the correct
basename.  It's possible to give a suffix that matches the untruncated
string but is longer than the true basename, causing the suffix removal
to error due to indexing outside the string.  Whether the suffix matches
should instead be checked against the nul-truncated string.

-zefram
Information forwarded to bug-guile <at> gnu.org:
bug#69438; Package guile. (Wed, 28 Feb 2024 05:41:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: <tomas <at> tuxteam.de>
To: bug-guile <at> gnu.org
Subject: Re: bug#69438: basename faulty with nul and suffix
Date: Wed, 28 Feb 2024 06:31:52 +0100

[Message part 1 (text/plain, inline)]
On Tue, Feb 27, 2024 at 08:14:58PM +0000, Zefram via Bug reports for GUILE, GNU's Ubiquitous Extension Language wrote:
> Trying out the basename function in Guile 3.0.9:
> 
> scheme@(guile-user)> (basename "foo/bar")
> $1 = "bar"
> scheme@(guile-user)> (basename "foo/bar" "r")
> $2 = "ba"
> scheme@(guile-user)> (basename "foo/bar" "x")
> $3 = "bar"
> scheme@(guile-user)> (basename "foo/bar\0baz/quux")
> $4 = "bar"
> scheme@(guile-user)> (basename "foo/bar\0baz/quux" "r")
> $5 = "bar"
> scheme@(guile-user)> (basename "foo/bar\0baz/quux" "x")
> $6 = "ba"
> 
> The first three cases here show the function operating correctly on a
> mundane pathname string.

Hm. The functions are clearly designated as POSIX. In POSIX, \0 is
explicitly excluded as a legal character in paths [1] [2]. I guess
the implementation is just passing the buck to the OS's basename(3).

Arguably, it'd be friendlier for the function to throw an error,
but then, it'd be inconsistent with the OS. You can't win :-)

Perhaps, a note in the docs wouldn't harm, though.

Cheers

[1] https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_266
[2] https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_169
-- 
t

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 66 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.