This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[patch] Error on setenv(..., NULL, ...)


Greetings,

The following test program:

#include <stdlib.h>
#include <stdio.h>

int main() {
  setenv("ZZZ", NULL, 1);
  char *p = getenv("ZZZ");
  printf("%c\n", p[0]);
  return 0;
}

produces "unusable" environment, in which getenv("ZZZ") succeeds, but
you can't look at any bytes of the resulting pointer:

gcc -g t.c
t.c: In function âmainâ:
t.c:5:3: warning: null argument where non-null required (argument 2) [-Wnonnull]
   setenv("ZZZ", NULL, 1);
   ^

valgrind ./a.out

==27832== Invalid read of size 1
==27832==    at 0x4005FB: main (/tmp/t.c:7)
==27832==  Address 0x4dea3e4 is 0 bytes after a block of size 4 alloc'd
==27832==    at 0x40307C4: malloc
(valgrind/coregrind/m_replacemalloc/vg_replace_malloc.c:270)
==27832==    by 0x4A60C59: __add_to_environ
(/build/buildd/eglibc-2.19/stdlib/setenv.c:193)
==27832==    by 0x40344BF: setenv (valgrind/memcheck/mc_replace_strmem.c:1643)
==27832==    by 0x4005E8: main (/tmp/t.c:5)


See also https://sourceware.org/ml/libc-alpha/2015-03/msg00402.html,
where GLIBC performed the bad setenv() itself.

Attached trivial patch makes setenv(..., NULL, ...) fail instead of
producing "bad" environment. Tested on Linux/x86_64, no new failures.

Thanks,


2015-03-11  Paul Pluzhnikov  <ppluzhnikov@google.com>

        * stdlib/setenv.c (setenv): Reject NULL value in setenv.



-- 
Paul Pluzhnikov

Attachment: null-setenv.patch.txt
Description: Text document


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]