From owner-freebsd-bugs@FreeBSD.ORG Wed May 14 15:10:00 2014
Message-Id: <201405141504.s4EF4nQe022116@cgiserv.freebsd.org>
Date: Wed, 14 May 2014 15:04:49 GMT
From: Garrett Cooper
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/189805: setenv(
List-Id: Bug reports

>Number:         189805
>Category:       bin
>Synopsis:       setenv(
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 15:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Cooper
>Release:        11-CURRENT
>Organization:
n/a
>Environment:
FreeBSD fuji-current.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 c7d920a(atf): Mon Apr 14 22:16:02 PDT 2014 root@fuji-current.local:/usr/obj/usr/src/sys/FUJI i386
>Description:
One of the tests imported from FreeBSD tests out setenv with value => NULL
as it's a requirement of the libcall. FreeBSD coredumps with a segfault on
this test because libc (behind the scenes) runs a strcmp on the buffer,
which subsequently blows up when trying to analyze the NULL pointer.

value => NULL is undefined per POSIX, so the behavior is implementation
dependent, but value is assumed to be a string, not a NULL pointer.

It seems like an edge case that could be caught and improved upon as it
would be nice if an error was set or at the very least an assert was
triggered in setenv when this situation was encountered so the error was
localized to the block of code instead of corrupting the stack later on
down the line.

Here's what pho and I discovered:
- FreeBSD/OSX segfault.
- Linux succeeds. Subsequent getenvs return NULL.
- NetBSD returns -1/sets EINVAL.

Bruce E weighed in on this, and believes the libcall should always
coredump, but he didn't recommend how it should coredump.
>How-To-Repeat:
% /bin/sh
% cat > setenv_segfault.c <<EOF
#include <stdlib.h>

int
main(void)
{

	setenv("somevar", NULL, 0);	/* NULL value: the call that faults */
	return (0);
}
EOF
% clang -g -Wall -o setenv_segfault setenv_segfault.c
% gdb ./setenv_segfault
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) r
Starting program: /root/setenv_segfault

Program received signal SIGSEGV, Segmentation fault.
0x2818bd4d in strlen () from /lib/libc.so.7
(gdb) bt
#0 0x2818bd4d in strlen () from /lib/libc.so.7
#1 0x28188a35 in setenv () from /lib/libc.so.7
#2 0x281885b8 in setenv () from /lib/libc.so.7
#3 0x080485c3 in main () at setenv_segfault.c:7
>Fix:
The original proposed fix to just return/set an error is out here:
https://github.com/yaneurabeya/freebsd/pull/5 .
>Release-Note:
>Audit-Trail:
>Unformatted:
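
The three outcomes listed in the report (segfault, success, -1/EINVAL) can be told apart without crashing the calling process, and the "return an error" behaviour can be enforced at the call site with a wrapper. The following is an added example, not part of the original report or of FreeBSD libc; checked_setenv() and probe_null_value() are hypothetical names.

```c
/* Added example, not FreeBSD libc code; function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_ACCEPTED, PROBE_REJECTED, PROBE_CRASHED, PROBE_UNKNOWN };

/* Reject a NULL value up front (the NetBSD-style -1/EINVAL result) so the
 * error surfaces at the call site instead of inside libc's strlen(). */
int checked_setenv(const char *name, const char *value, int overwrite)
{
	if (name == NULL || *name == '\0' || strchr(name, '=') != NULL ||
	    value == NULL) {
		errno = EINVAL;
		return -1;
	}
	return setenv(name, value, overwrite);
}

/* Run the raw setenv("somevar", NULL, 0) in a child process and classify
 * the outcome, so a crash cannot take down the caller. */
enum probe_result probe_null_value(void)
{
	const char *volatile value = NULL; /* volatile: call is not folded away */
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return PROBE_UNKNOWN;
	if (pid == 0)
		_exit(setenv("somevar", value, 0) == 0 ? 0 : 1);
	if (waitpid(pid, &status, 0) != pid)
		return PROBE_UNKNOWN;
	if (WIFSIGNALED(status))
		return PROBE_CRASHED;
	if (!WIFEXITED(status) || WEXITSTATUS(status) > 1)
		return PROBE_UNKNOWN;
	return WEXITSTATUS(status) == 0 ? PROBE_ACCEPTED : PROBE_REJECTED;
}

int main(void)
{
	static const char *const label[] = { "accepted", "rejected", "crashed", "unknown" };
	printf("raw setenv(name, NULL, 0): %s\n", label[probe_null_value()]);
	printf("checked_setenv(name, NULL, 0): %d\n", checked_setenv("somevar", NULL, 0));
	return 0;
}
```

The probe result depends on the libc it is linked against; the wrapper returns -1 with errno set to EINVAL on all of them.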