Date: Mon, 30 Apr 2007 21:43:09 +0400
From: Andrey Chernov
To: John Baldwin, src-committers@freebsd.org, cvs-src@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c
Message-ID: <20070430174309.GA82975@nagual.pp.ru>
In-Reply-To: <20070430170537.GA82681@nagual.pp.ru>

On Mon, Apr 30, 2007 at 09:05:38PM +0400, Andrey Chernov wrote:
> On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> > Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still, if
> > one does this:
> >
> > 	char *cp = strdup("FOO=bar");
> > 	putenv(cp);
> > 	...
> > 	setenv("FOO", "baz");
>
> cp value is undefined right here and can't be safely printed afterwards.
> Anything can happen at printf including core dump.

To clarify things a bit. Standard says (setenv):
"The strings described by envname and envval are copied by this function."
Yes, if there is enough room in the putenv arg, they are currently copied!
But copying is impossible at all, if there is no room left in the putenv
arg, so new string should be allocated in any case. Old putenv pointer
even can't be realloc'ed because it is not supposed to be malloc'ed at
all, it can be static buffer too. All this means that putenv room can become
invalid just after first setenv call.

-- 
http://ache.pp.ru/
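
The putenv()-then-setenv() sequence discussed in this message, as an added example that is not part of the original mail or of the FreeBSD sources: it checks where the live value of a variable is stored before and after setenv(), and reads the value back through getenv() instead of the old putenv() pointer. The helper names `value_lives_in` and `env_copy`, the static buffer `foo_buf` and the sample values are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* putenv(), setenv() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Caller-owned static storage handed to putenv(): never malloc'ed, so libc
 * cannot realloc() or free() it. The FOO values here are constructed. */
static char foo_buf[] = "FOO=bar";

/* Hypothetical helper: 1 if the live value of `name` is stored inside
 * buf[0..len), 0 if it lives elsewhere, -1 if `name` is unset. */
static int value_lives_in(const char *name, const char *buf, size_t len)
{
    const char *v = getenv(name);
    if (v == NULL)
        return -1;
    uintptr_t p = (uintptr_t)v, lo = (uintptr_t)buf;
    return p >= lo && p < lo + len;
}

/* Hypothetical helper: copy the current value into storage the caller owns,
 * so nothing depends on a pointer a later setenv()/putenv() may invalidate.
 * Returns 0 on success, -1 if unset or if `out` is too small. */
static int env_copy(const char *name, char *out, size_t outlen)
{
    const char *v = getenv(name);
    if (v == NULL || strlen(v) >= outlen)
        return -1;
    memcpy(out, v, strlen(v) + 1);
    return 0;
}

int main(void)
{
    char now[64];
    putenv(foo_buf);
    printf("after putenv: value in caller buffer = %d\n",
           value_lives_in("FOO", foo_buf, sizeof foo_buf));

    /* The new value cannot fit in foo_buf, so it must be stored elsewhere. */
    setenv("FOO", "a-much-longer-value", 1);
    printf("after setenv: value in caller buffer = %d\n",
           value_lives_in("FOO", foo_buf, sizeof foo_buf));
    /* Read through the environment, never through the old putenv pointer. */
    if (env_copy("FOO", now, sizeof now) == 0)
        printf("FOO=%s\n", now);
    return 0;
}
```

Whether a shorter replacement value is written into the old putenv() buffer or allocated separately differs between libc implementations, which is why the buffer's contents should not be relied on after setenv().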