libbsd 0.5.1 causing segfault in FreeIPA
Guillem Jover
guillem at hadrons.org
Thu Jun 6 22:38:44 PDT 2013
On Fri, 2013-06-07 at 07:37:00 +0200, Guillem Jover wrote:
> Hi!
>
> On Thu, 2013-06-06 at 11:31:18 -0600, Eric Smith wrote:
> > Backtraces are in this Fedora bug:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=971513
>
> > The comment by Nalin Dahyabhai seems quite informative, so I'll quote it here:
> >
> > The top couple of frames in my backtrace (with a little more
> > debuginfo) look like this:
> >
> > #0 __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
> > #1 0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
> > at setproctitle.c:94
> > #2 spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
> > at setproctitle.c:172
> >
> > I think that spt_init's use of the passed-in value of "environ" is
> > causing some trouble because when it calls spt_clearenv(), and
> > spt_clearenv() ends up calling clearenv(), the value is freed before
> > it's read.
>
> Hmm, indeed that's bogus. I've quickly cooked the attached patch...
With the patch attached this time.
> > Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined
> > keeps it from crashing on my system, as the fallback path doesn't
> > actually free the old environment.
>
> ... but then I'm thinking it's not worth it, and the tiny memory leak
> it introduces (which is inherent anyway in most libc implementations
> when changing the environment) by not using clearenv() is better than
> the complexity this adds to the constructor.
>
> So, if no one has any compelling reason, I'll release 0.5.2 with
> clearenv() completely removed later today.
Thanks,
Guillem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-When-using-clearenv-create-a-copy-of-the-environ-poi.patch
Type: text/x-diff
Size: 2490 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libbsd/attachments/20130607/fc4e8306/attachment.patch>
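The ordering problem discussed in the thread (spt_copyenv() walking the environ array that clearenv() has already released), shown as an added illustration that is neither libbsd's setproctitle.c nor the attached patch: snapshot the environment strings first, call clearenv() only afterwards, and rebuild from the snapshot. Assumes glibc on Linux, where clearenv() exists; the function names are invented for this example.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
extern char **environ;
int clearenv(void); /* glibc extension; redeclared in case _GNU_SOURCE was not seen first */

/* Release a snapshot made by copy_environ(). */
static void free_environ_copy(char **copy)
{
    for (size_t i = 0; copy && copy[i]; i++)
        free(copy[i]);
    free(copy);
}

/* Duplicate every "NAME=value" string into memory the caller owns, so
 * nothing points back into the environ array that clearenv() may free. */
static char **copy_environ(void)
{
    size_t n = 0;
    while (environ && environ[n]) n++;
    char **copy = calloc(n + 1, sizeof *copy); /* calloc supplies the NULL terminator */
    for (size_t i = 0; copy && i < n; i++) {
        if (!(copy[i] = strdup(environ[i]))) {
            free_environ_copy(copy);
            return NULL;
        }
    }
    return copy;
}

/* Safe ordering: snapshot, then clearenv(), then rebuild from the snapshot;
 * the old environ pointer is never touched after clearenv() returns.
 * Returns the number of variables restored, or -1 on failure. */
int rebuild_environ_after_clearenv(void)
{
    char **copy = copy_environ();
    if (!copy) return -1;
    if (clearenv() != 0) { free_environ_copy(copy); return -1; }
    int restored = 0;
    for (size_t i = 0; copy[i]; i++) {
        char *eq = strchr(copy[i], '=');
        if (!eq || eq == copy[i]) continue; /* no usable NAME= prefix, drop it */
        *eq = '\0';
        restored += (setenv(copy[i], eq + 1, 1) == 0);
    }
    free_environ_copy(copy);
    return restored;
}
```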