cvs commit: src/usr.sbin/sysinstall main.c
Andrey Chernov
ache at freebsd.org
Mon Apr 30 17:43:13 UTC 2007
On Mon, Apr 30, 2007 at 09:05:38PM +0400, Andrey Chernov wrote:
> On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> > Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still, if
> > one does this:
> >
> > char *cp = strdup("FOO=bar");
> > putenv(cp);
> > ...
> > setenv("FOO", "baz", 1);
>
> cp value is undefined right here and can't be safely printed afterwards.
> Anything can happen at printf, including a core dump.
To clarify things a bit, the standard says (setenv):
"The strings described by envname and envval are copied by this
function."
Yes, if there is enough room in the putenv arg, they are currently copied!
But copying is impossible if there is no room left in the putenv
arg, so a new string should be allocated in any case. The old putenv pointer
can't even be realloc'ed because it is not supposed to be malloc'ed at
all; it can be a static buffer too. All this means that the putenv room can
become invalid just after the first setenv call.
--
http://ache.pp.ru/
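
The putenv/setenv interaction discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD sources. It assumes a POSIX libc; the buffer, function names and values are constructed for illustration. After setenv() the value is read only through getenv(), never through the old putenv() pointer.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* declares putenv() and setenv() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Static storage is a legal putenv() argument, so libc can never
 * free() or realloc() it (constructed sample value). */
static char env_buf[] = "FOO=bar";

/* putenv() stores the pointer itself: editing the buffer edits the environment. */
int putenv_aliases_buffer(void) {
    if (putenv(env_buf) != 0) return -1;
    env_buf[4] = 'B';                        /* buffer now reads "FOO=Bar" */
    const char *v = getenv("FOO");
    return v != NULL && strcmp(v, "Bar") == 0;
}

/* setenv() copies its arguments: later edits to them are not visible. */
int setenv_copies_args(void) {
    char val[] = "baz";
    if (setenv("FOO", val, 1) != 0) return -1;
    val[0] = 'X';                            /* must not change the environment */
    const char *v = getenv("FOO");
    return v != NULL && strcmp(v, "baz") == 0;
}

/* A value that cannot fit in env_buf forces libc to use new storage, so the
 * old putenv() pointer no longer backs FOO. Only getenv() is read here. */
int long_value_leaves_buffer(void) {
    const char *longval = "a-value-longer-than-the-original-buffer";
    if (putenv(env_buf) != 0 || setenv("FOO", longval, 1) != 0) return -1;
    const char *v = getenv("FOO");
    if (v == NULL) return -1;
    uintptr_t p = (uintptr_t)v, lo = (uintptr_t)env_buf;
    int outside = p < lo || p >= lo + sizeof env_buf;
    return outside && strcmp(v, longval) == 0;
}

int main(void) {
    printf("putenv aliases caller buffer: %d\n", putenv_aliases_buffer());
    printf("setenv copies its arguments:  %d\n", setenv_copies_args());
    printf("long value leaves old buffer: %d\n", long_value_leaves_buffer());
    return 0;
}
```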