Date: Mon, 30 Apr 2007 21:43:09 +0400
From: Andrey Chernov <ache@freebsd.org>
To: John Baldwin <jhb@freebsd.org>, src-committers@freebsd.org, cvs-src@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c
Message-ID: <20070430174309.GA82975@nagual.pp.ru>
In-Reply-To: <20070430170537.GA82681@nagual.pp.ru>
References: <200704301516.l3UFGJbu019162@repoman.freebsd.org> <200704301229.21190.jhb@freebsd.org> <200704301254.45807.jhb@freebsd.org> <20070430170537.GA82681@nagual.pp.ru>
On Mon, Apr 30, 2007 at 09:05:38PM +0400, Andrey Chernov wrote:
> On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> > Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still, if
> > one does this:
> >
> > char *cp = strdup("FOO=bar");
> > putenv(cp);
> > ...
> > setenv("FOO", "baz", 1);
>
> cp value is undefined right here and can't be safely printed afterwards.
> Anything can happen at printf including core dump.

To clarify things a bit. Standard says (setenv): "The strings described by envname and envval are copied by this function."

Yes, if there is enough room in the putenv arg, they are currently copied! But copying is impossible at all if there is no room left in the putenv arg, so a new string should be allocated in any case. The old putenv pointer can't even be realloc'ed, because it is not supposed to be malloc'ed at all; it can be a static buffer too. All this means is that the putenv room can become invalid just after the first setenv call.

--
http://ache.pp.ru/
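The hazard discussed above, as an added example that is not part of the original thread: a caller-owned (here static) buffer is handed to putenv(3), then the same variable is overwritten with setenv(3). Whether libc rewrites the buffer in place, leaves it untouched or swaps in fresh storage is implementation-specific, so the only reliable way to read the value back afterwards is getenv(3); the function names and the variable name FOO are this example's own choices.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares putenv() and setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Caller-owned storage handed to putenv(). A static buffer is used on
 * purpose: libc can neither realloc() nor free() it, which is exactly the
 * case the message above describes. "FOO=baz" would still fit in here;
 * anything longer cannot. */
static char putenv_buf[] = "FOO=bar";

/* Install FOO via putenv() from putenv_buf, then overwrite it with setenv().
 * Returns 1 when getenv("FOO") reflects newval, 0 otherwise. The value is
 * deliberately read back only through getenv(): after setenv() the contents
 * of putenv_buf are no longer meaningful to the caller. */
int overwrite_via_setenv(const char *newval)
{
    if (putenv(putenv_buf) != 0)
        return 0;
    if (setenv("FOO", newval, 1) != 0)
        return 0;
    const char *v = getenv("FOO");
    return v != NULL && strcmp(v, newval) == 0;
}

/* Diagnostic only: did this libc rewrite putenv_buf in place? The answer
 * differs between implementations and must never be relied upon. */
int putenv_buf_rewritten(void)
{
    return strcmp(putenv_buf, "FOO=bar") != 0;
}

int main(void)
{
    printf("short value visible via getenv: %d\n",
           overwrite_via_setenv("baz"));
    printf("putenv buffer rewritten in place: %d\n", putenv_buf_rewritten());
    printf("long value visible via getenv: %d\n",
           overwrite_via_setenv("a-value-far-too-long-for-the-buffer"));
    printf("putenv buffer rewritten in place: %d\n", putenv_buf_rewritten());
    return 0;
}
```

Both values are visible through getenv() on any conforming libc; only the in-place diagnostic varies, which is why code that keeps using the putenv'd pointer after setenv() is wrong everywhere, not just on FreeBSD.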