libbsd 0.5.1 causing segfault in FreeIPA

Guillem Jover guillem at hadrons.org
Thu Jun 6 22:37:00 PDT 2013


Hi!

On Thu, 2013-06-06 at 11:31:18 -0600, Eric Smith wrote:
> Backtraces are in this Fedora bug:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=971513

> The comment by Nalin Dahyabhai seems quite informative, so I'll quote it here:
> 
> The top couple of frames in my backtrace (with a little more
> debuginfo) look like this:
> 
> #0  __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
> #1  0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
>     at setproctitle.c:94
> #2  spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
>     at setproctitle.c:172
> 
> I think that spt_init's use of the passed-in value of "environ" is
> causing some trouble because when it calls spt_clearenv(), and
> spt_clearenv() ends up calling clearenv(), the value is freed before
> it's read.

Hmm, indeed that's bogus. I've quickly cooked the attached patch...

> Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined
> keeps it from crashing on my system, as the fallback path doesn't
> actually free the old environment.

... but then I'm thinking it's not worth it, and the tiny memory leak
it introduces (which is inherent anyway in most libc implementations
when changing the environment) by not using clearenv() is better than
the complexity this adds to the constructor.

So, if no one has any compelling reason, I'll release 0.5.2 with
clearenv() completely removed later today.

Thanks,
Guillem
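The failure Nalin describes is an ordering problem: the constructor keeps the original `environ` pointer, calls clearenv(), and only afterwards walks the (now released) array. The safe order is to deep-copy the environment first, then clear it, then reinstall the entries from the copy. The following is an added example of that order written for this page; it is not libbsd's setproctitle.c, not the attached patch, and the function names (env_snapshot, env_restore, relocate_environment) are made up for the illustration. The non-glibc fallback mirrors the behaviour described above for the path without HAVE_CLEARENV: it drops the old array without freeing it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* clearenv() and strndup() on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Number of entries in a NULL-terminated string array. */
static size_t env_count(char **env)
{
    size_t n = 0;
    if (env)
        while (env[n])
            n++;
    return n;
}

/* Release an array produced by env_snapshot(). */
void env_free(char **copy)
{
    if (!copy)
        return;
    for (char **p = copy; *p; p++)
        free(*p);
    free(copy);
}

/* Deep-copy a NULL-terminated environment array so that no pointer into
 * the original array or its strings is needed once it has been cleared. */
char **env_snapshot(char **env)
{
    size_t n = env_count(env);
    char **copy = calloc(n + 1, sizeof *copy);
    if (!copy)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        copy[i] = strdup(env[i]);
        if (!copy[i]) {
            env_free(copy);
            return NULL;
        }
    }
    return copy;   /* copy[n] is NULL from calloc() */
}

/* Clear the process environment. On glibc this may free the old array,
 * which is exactly why the snapshot has to be taken before this call. */
static int env_clear(void)
{
#ifdef __GLIBC__
    return clearenv();
#else
    environ = NULL;   /* fallback: leak the old array rather than free it */
    return 0;
#endif
}

/* Reinstall every "NAME=VALUE" entry of the snapshot through setenv(),
 * which allocates fresh storage owned by the libc. Returns 0 on success. */
int env_restore(char **copy)
{
    for (char **p = copy; *p; p++) {
        char *eq = strchr(*p, '=');
        if (!eq)
            continue;   /* malformed entry without '=': skip it */
        char *name = strndup(*p, (size_t)(eq - *p));
        if (!name)
            return -1;
        int rc = setenv(name, eq + 1, 1);
        free(name);
        if (rc != 0)
            return -1;
    }
    return 0;
}

/* Safe ordering: snapshot, clear, restore. Returns 0 on success. */
int relocate_environment(void)
{
    char **copy = env_snapshot(environ);
    if (!copy)
        return -1;
    if (env_clear() != 0) {
        env_free(copy);
        return -1;
    }
    int rc = env_restore(copy);
    env_free(copy);   /* safe: nothing else points into the copy */
    return rc;
}

int main(void)
{
    size_t before = env_count(environ);
    if (relocate_environment() != 0) {
        perror("relocate_environment");
        return 1;
    }
    printf("environment rebuilt: %zu entries before, %zu after\n",
           before, env_count(environ));
    return 0;
}
```

The only pointer used after env_clear() is `copy`, which the constructor owns, so the order cannot dereference storage that clearenv() released. The same shape is what a constructor such as spt_init needs if it wants both a private copy of the environment and a call to clearenv(); dropping clearenv() entirely, as proposed above, avoids the question at the cost of the small leak the mail mentions.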

