From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <msebor@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1930)
 id 2F27C385DC30; Wed, 26 Jan 2022 02:58:30 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2F27C385DC30
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Martin Sebor <msebor@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc] stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]
X-Act-Checkin: glibc
X-Git-Author: Martin Sebor <msebor@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: ee52ab25ba875f458981fce22c54e3c04c7a17d3
X-Git-Newrev: 4f20a1dc5242fb4bb8763e0451df898fa48e740c
Message-Id: <20220126025830.2F27C385DC30@sourceware.org>
Date: Wed, 26 Jan 2022 02:58:30 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list <glibc-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-cvs/>
List-Help: <mailto:glibc-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jan 2022 02:58:30 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4f20a1dc5242fb4bb8763e0451df898fa48e740c

commit 4f20a1dc5242fb4bb8763e0451df898fa48e740c
Author: Martin Sebor <msebor@redhat.com>
Date:   Tue Jan 25 17:39:36 2022 -0700

    stdlib: Avoid -Wuse-after-free in __add_to_environ [BZ #26779]
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Diff:
---
 stdlib/setenv.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/stdlib/setenv.c b/stdlib/setenv.c
index c3d2cee7b6..2176cbac31 100644
--- a/stdlib/setenv.c
+++ b/stdlib/setenv.c
@@ -150,7 +150,9 @@ __add_to_environ (const char *name, const char *value, const char *combined,
     {
       char **new_environ;
 
-      /* We allocated this space; we can extend it.  */
+      /* We allocated this space; we can extend it.  Avoid using the raw
+	 reallocated pointer to avoid GCC -Wuse-after-free.  */
+      uintptr_t ip_last_environ = (uintptr_t)last_environ;
       new_environ = (char **) realloc (last_environ,
 				       (size + 2) * sizeof (char *));
       if (new_environ == NULL)
@@ -159,7 +161,7 @@ __add_to_environ (const char *name, const char *value, const char *combined,
 	  return -1;
 	}
 
-      if (__environ != last_environ)
+      if ((uintptr_t)__environ != ip_last_environ)
 	memcpy ((char *) new_environ, (char *) __environ,
 		size * sizeof (char *));