[VDPAU] [PATCH] Save the result from secure_getenv
Rémi Denis-Courmont
remi at remlab.net
Wed Feb 17 23:38:24 UTC 2016
Le 2016-02-18 00:51, Zach Angold a écrit :
> Thanks for your input, but there seems to be another way we can lose
> the result from secure_getenv.
>
> From the man page for getenv(3):
> The implementation of getenv() is not required to be reentrant.
> The string pointed to by the return value of getenv() may be
> statically allocated, and can be modified by a subsequent call
> to getenv(), putenv(3), setenv(3), or unsetenv(3).
I think you are missing the point here. getenv() is not strictly
required to be reentrant in POSIX. Neither is secure_getenv(). Your
patch does not fix that. You cannot fix that without removing getenv()
*and* secure_getenv() everywhere in the process (which is unrealistic),
and replacing it with someting reentrant.
In practice, getenv() and secure_getenv() are reentrant provided that
the environment is NOT modified within the process.
> In theory we could run into problems with this since (without this
> patch) we use the return value of secure_getenv("VDPAU_DRIVER") after
> calling secure_getenv("VDPAU_DRIVER_PATH"). Replacing the other two
> occurrences of secure_getenv with safe_secure_getenv has no
> functional
> impact on libvdpau as it is, but it could prevent problems like this
> in the future.
Again, if the environment is modified within the process, you are
treading undefined behaviour already. At that point, you are screwed.
You cannot fix it.
In practice, the return value of getenv() or secure_getenv() becomes
garbage.
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the VDPAU
mailing list