Hi,
this was found by using KLEE [1] on Coreutils 8.30 (shred, stty, sync,
tail, and probably also in dd (untested)). These tools call
fcntl (fd, F_GETFL)
F_GETFL is not handled in fcntl.c:rpl_fcntl and the default case tries
to access a non-existing argument:
--
      default:
        {
#if HAVE_FCNTL
          void *p = va_arg (arg, void *);   <---
          result = fcntl (fd, action, p);
#else
          errno = EINVAL;
#endif
          break;
        }
    }
  va_end (arg);
  return result;
--
Kind regards,
Frank
[1] https://klee.github.io/
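The following is an added example, not code from the report above and not gnulib's fcntl.c or its eventual fix. It shows the shape of the bug (a variadic wrapper whose default branch reads a pointer argument for every command it does not name, so F_GETFL, which takes no argument, reads past the caller's arguments) next to a wrapper that classifies the command before touching va_arg. All names (fcntl_arg_kind, buggy_fcntl, safe_fcntl, demo_nonblock_roundtrip) are mine, the command table is a deliberate subset of the POSIX commands, and it was written against Linux/glibc.

```c
/* Added example (not gnulib's code): a variadic fcntl() wrapper that decides
   from the command which argument kind the caller supplied, beside the buggy
   pattern from the report.  Command table is a deliberate POSIX subset. */
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

enum arg_kind { ARG_NONE, ARG_INT, ARG_PTR, ARG_UNKNOWN };

/* Which third argument CMD takes.  Anything not listed is reported as
   unknown so the caller can refuse it instead of guessing. */
enum arg_kind fcntl_arg_kind(int cmd)
{
    switch (cmd) {
    case F_GETFD: case F_GETFL:                  return ARG_NONE;
    case F_DUPFD: case F_SETFD: case F_SETFL:    return ARG_INT;
    case F_GETLK: case F_SETLK: case F_SETLKW:   return ARG_PTR;
    default:                                     return ARG_UNKNOWN;
    }
}

/* The pattern the report describes: every command not named explicitly
   lands in a default branch that reads a pointer argument.  For F_GETFL the
   caller passed nothing, so that va_arg reads an argument that does not
   exist (undefined behaviour, which is what KLEE flagged).  Shown only for
   the shape of the bug; not called by the demo below. */
int buggy_fcntl(int fd, int cmd, ...)
{
    va_list ap;
    int result;
    va_start(ap, cmd);
    switch (cmd) {
    case F_SETFL:
        result = fcntl(fd, cmd, va_arg(ap, int));
        break;
    default: {
        void *p = va_arg(ap, void *);   /* <-- wrong for F_GETFL: no argument was passed */
        result = fcntl(fd, cmd, p);
        break;
    }
    }
    va_end(ap);
    return result;
}

/* Hardened wrapper: consult the table first, never read an argument the
   command does not take, and refuse commands whose argument shape is
   unknown rather than assuming one. */
int safe_fcntl(int fd, int cmd, ...)
{
    va_list ap;
    int result;
    va_start(ap, cmd);
    switch (fcntl_arg_kind(cmd)) {
    case ARG_NONE: result = fcntl(fd, cmd);                       break;
    case ARG_INT:  result = fcntl(fd, cmd, va_arg(ap, int));      break;
    case ARG_PTR:  result = fcntl(fd, cmd, va_arg(ap, void *));   break;
    default:       errno = EINVAL; result = -1;                   break;
    }
    va_end(ap);
    return result;
}

/* Round trip on a freshly created pipe: F_GETFL with no argument, then
   F_SETFL with an int.  Returns 1 if O_NONBLOCK was set and read back. */
int demo_nonblock_roundtrip(void)
{
    int fds[2];
    int ok = 0;
    if (pipe(fds) != 0)
        return 0;
    int flags = safe_fcntl(fds[1], F_GETFL);
    if (flags >= 0 && safe_fcntl(fds[1], F_SETFL, flags | O_NONBLOCK) == 0) {
        int after = safe_fcntl(fds[1], F_GETFL);
        ok = (after >= 0) && ((after & O_NONBLOCK) != 0);
    }
    close(fds[0]);
    close(fds[1]);
    return ok;
}

int main(void)
{
    printf("nonblock round trip: %s\n", demo_nonblock_roundtrip() ? "ok" : "FAILED");
    errno = 0;
    int r = safe_fcntl(0, 0x7fff, 0);   /* 0x7fff: a command not in the table */
    printf("unknown command -> %d, errno=%d\n", r, errno);
    return 0;
}
```

The point of the table is that the decision about whether to call va_arg at all happens before the argument list is touched; a wrapper that only special-cases the commands it knows about and reads a pointer for everything else will always be one new "no-argument" command away from this bug.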
