Bug #2546

Usage of assert() as runtime exception checks

Added by eryretqwewrqr over 6 years ago. Updated over 6 years ago.

Target version:


Lighty uses assert() for runtime checks.

This will remove all run-time checks from the code if CPPFLAGS="-DNDEBUG" is used, which is quite common in release-versions of code considered to be bug-free.

Which means that there will be no runtime checks at all in such executables!

This is highly dangerous and could be exploited by malicious attackers in many ways by provoking runtime errors which will no longer be correctly handled.

Please consider at least 2 options:

1. Modify the build script to remove any -DNDEBUG from CFLAGS and CPPFLAGS.

2. Replace assert() by a new function which does the same but is not affected by NDEBUG.

An example where I found dangerous usages of assert():

$ grep -n assert mod_cgi.c 
30:#include <assert.h>
88:     assert(hctx);
110:    assert(p);
166:            assert(s);
1080:                   assert(chunkqueue_length(cq) == (off_t)con->request.content_length);

assert() is intended for detecting bugs in the program logic which are no longer required once the program is bug-free.

runtime errors on the other hand need to be checked even in a bug-free program.


Updated by stbuehler over 6 years ago

Your out of context examples do not in any way hint that they are really dangerous; they could be ofc.

Especially the last one is an assert you usually would only want in a debug build, as it has a larger impact on performance.


Updated by stbuehler over 6 years ago

  • Priority changed from High to Normal
  • Target version set to 1.4.35

Updated by stbuehler over 6 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2948.

Also available in: Atom