libbsd 0.5.1 causing segfault in FreeIPA
guillem at hadrons.org
Thu Jun 6 22:38:44 PDT 2013
On Fri, 2013-06-07 at 07:37:00 +0200, Guillem Jover wrote:
> On Thu, 2013-06-06 at 11:31:18 -0600, Eric Smith wrote:
> > Backtraces are in this Fedora bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=971513
> > The comment by Nalin Dahyabhai seems quite informative, so I'll quote it here:
> > The top couple of frames in my backtrace (with a little more
> > debuginfo) look like this:
> > #0 __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
> > #1 0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
> > at setproctitle.c:94
> > #2 spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
> > at setproctitle.c:172
> > I think that spt_init's use of the passed-in value of "environ" is
> > causing some trouble because when it calls spt_clearenv(), and
> > spt_clearenv() ends up calling clearenv(), the value is freed before
> > it's read.
> Hmm, indeed that's bogus. I've quickly cooked the attached patch...
With the patch attached this time.
> > Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined
> > keeps it from crashing on my system, as the fallback path doesn't
> > actually free the old environment.
> ... but then I'm thinking it's not worth it, and the tiny memory leak
> it introduces (which is inherent anyway in most libc implementations
> when changing the environment) by not using clearenv() is better than
> the complexity this adds to the constructor.
> So, if no one has any compelling reason, I'll release 0.5.2 with
> clearenv() completely removed later today.
A non-text attachment was scrubbed...
Size: 2490 bytes
Desc: not available
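For readers following the crash above, here is an added illustration (not libbsd code and not the attached patch) of the ordering that avoids the use-after-free Nalin describes: snapshot the environment vector first, then clear it the clearenv()-less way by installing a fresh empty vector, then re-add entries from the snapshot. The names env_snapshot, env_free and env_rebuild are my own and assume a POSIX libc with setenv().

```c
#define _POSIX_C_SOURCE 200809L	/* strdup(), setenv() */
#include <stdlib.h>
#include <string.h>
extern char **environ;

/* Release a vector produced by env_snapshot(). */
static void env_free(char **v)
{
	for (size_t i = 0; v && v[i]; i++) free(v[i]);
	free(v);
}

/* Deep-copy a NULL-terminated "NAME=value" vector, so that nothing done
 * afterwards depends on the original array or its strings staying alive. */
static char **env_snapshot(char **src)
{
	size_t n = 0;
	while (src && src[n]) n++;
	char **dst = calloc(n + 1, sizeof *dst);
	for (size_t i = 0; dst && i < n; i++) {
		if ((dst[i] = strdup(src[i])) != NULL) continue;
		env_free(dst);
		return NULL;
	}
	return dst;
}

/* Rebuild the process environment from 'oldenv'. Every pointer the loop
 * reads belongs to the snapshot, so it stays valid even if the clearing
 * step frees the old vector, which is what clearenv() did in the backtrace.
 * Returns 0 on success, -1 on allocation or setenv() failure. */
static int env_rebuild(char **oldenv)
{
	char **snap = env_snapshot(oldenv);
	/* Clear by installing a fresh empty vector instead of freeing the old
	 * one (the clearenv()-less route taken in the thread); the one-pointer
	 * allocation is the "tiny leak" accepted there. */
	char **fresh = calloc(1, sizeof *fresh);
	if (!snap || !fresh) { env_free(snap); free(fresh); return -1; }
	environ = fresh;
	int rc = 0;
	for (size_t i = 0; snap[i] && rc == 0; i++) {
		char *eq = strchr(snap[i], '=');
		if (!eq) continue;	/* no '=': nothing to re-add */
		*eq = '\0';		/* split into name / value for setenv() */
		rc = setenv(snap[i], eq + 1, 1) ? -1 : 0;
	}
	env_free(snap);
	return rc;
}
```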