* [PATCH] Fix execvp
@ 2005-07-24 21:11 Jakub Jelinek
2005-07-24 21:42 ` Ulrich Drepper
0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2005-07-24 21:11 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: Glibc hackers
Hi!
If execvp is called without PATH in environment and with
a non-existent program, it crashes, as path passed to
free is not the allocated buffer (but instead points to
the beginning of last confstr (_CS_PATH, ...) path component,
i.e. when the allocated buffer contains ":/bin:/usr/bin",
free is called on malloc returned pointer + 6.
To test for this safely in the testsuite, I guess we would need
to first check if current directory (we have control over it),
/bin and /usr/bin (we don't) don't contain "really nonexistent file"
or something similar.
2005-07-24 Jakub Jelinek <jakub@redhat.com>
[BZ #1125]
* posix/execvp.c (execvp): Change path_malloc to
char *, free that pointer on failure.
--- libc/posix/execvp.c.jj 2005-04-26 12:06:47.000000000 +0200
+++ libc/posix/execvp.c 2005-07-24 23:03:03.000000000 +0200
@@ -88,7 +88,7 @@ execvp (file, argv)
else
{
char *path = getenv ("PATH");
- bool path_malloc = false;
+ char *path_malloc = NULL;
if (path == NULL)
{
/* There is no `PATH' in the environment.
@@ -100,7 +100,7 @@ execvp (file, argv)
return -1;
path[0] = ':';
(void) confstr (_CS_PATH, path + 1, len);
- path_malloc = true;
+ path_malloc = path;
}
size_t len = strlen (file) + 1;
@@ -108,8 +108,7 @@ execvp (file, argv)
char *name = malloc (pathlen + len + 1);
if (name == NULL)
{
- if (path_malloc)
- free (path);
+ free (path_malloc);
return -1;
}
/* Copy the file name at the top. */
@@ -190,8 +189,7 @@ execvp (file, argv)
free (script_argv);
free (name - pathlen);
- if (path_malloc)
- free (path);
+ free (path_malloc);
}
/* Return the error from the last attempt (probably ENOENT). */
Jakub
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Fix execvp
2005-07-24 21:11 [PATCH] Fix execvp Jakub Jelinek
@ 2005-07-24 21:42 ` Ulrich Drepper
0 siblings, 0 replies; 2+ messages in thread
From: Ulrich Drepper @ 2005-07-24 21:42 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Glibc hackers
[-- Attachment #1: Type: text/plain, Size: 127 bytes --]
I added the patch and a test case.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 251 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-07-24 21:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-07-24 21:11 [PATCH] Fix execvp Jakub Jelinek
2005-07-24 21:42 ` Ulrich Drepper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).