Date: Mon, 30 Apr 2007 21:05:38 +0400
From: Andrey Chernov
To: John Baldwin
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/usr.sbin/sysinstall main.c
Message-ID: <20070430170537.GA82681@nagual.pp.ru>
In-Reply-To: <200704301254.45807.jhb@freebsd.org>
References: <200704301516.l3UFGJbu019162@repoman.freebsd.org> <200704301229.21190.jhb@freebsd.org> <200704301254.45807.jhb@freebsd.org>

On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still, if
> one does this:
>
>     char *cp = strdup("FOO=bar");
>     putenv(cp);
>     ...
>     setenv("FOO", "baz");

cp value is undefined right here and can't be safely printed afterwards.
Anything can happen at printf including core dump.

>     ...
>     setenv("FOO", "really_long_string");
>     ...
>     printf("FOO: %s\n", cp + 4);
>
> You are going to get 'baz' in the printf output. Or if one does:
>
>     char *cp = strdup("FOO=bar");
>     putenv(cp);
>     ...
>     setenv("FOO", "really_long_string");

Again, cp value is undefined right here and can't be safely printed
afterwards.

>     ...
>     strcpy(cp + 4, "baz");
>     ...
>     printf("FOO: %s\n", getenv("FOO"));
>
> You are going to get 'really_long_string' in the printf output, and not 'baz'.

-- 
http://ache.pp.ru/
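
Added example, not part of the original message or of FreeBSD's source: the same putenv()/setenv() sequence written so that the buffer handed to putenv() is never read or written once setenv() has been called for that name, with every later read going through getenv() into a caller-owned copy. The helper names `env_snapshot`, `env_aliases` and `demo` are hypothetical; setenv() is called with its real three-argument form, and the aliasing check assumes a libc whose getenv() returns a pointer into the environment entry.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy the current value of `name` into a caller-owned
 * buffer. Returns 0 on success, -1 if unset or too long for `out`. */
static int env_snapshot(const char *name, char *out, size_t outlen)
{
    const char *v = getenv(name);
    if (v == NULL || strlen(v) >= outlen)
        return -1;
    memcpy(out, v, strlen(v) + 1);
    return 0;
}

/* Hypothetical helper: 1 if getenv(name) points at the value part of `entry`
 * ("NAME=value"), i.e. the caller's buffer is the live environment entry. */
static int env_aliases(const char *name, const char *entry)
{
    return getenv(name) == entry + strlen(name) + 1;
}

/* Constructed scenario from the thread; returns 0 if every step holds. */
static int demo(void)
{
    char val[64];
    char *cp = strdup("FOO=bar");          /* caller-owned, given to putenv */
    if (cp == NULL || putenv(cp) != 0)
        return -1;
    if (!env_aliases("FOO", cp))           /* putenv stores the pointer itself */
        return -2;
    if (setenv("FOO", "baz", 1) != 0)
        return -3;
    /* From here on cp is treated as stale: no cp + 4 reads, no strcpy into it. */
    if (env_snapshot("FOO", val, sizeof val) != 0 || strcmp(val, "baz") != 0)
        return -4;
    if (setenv("FOO", "really_long_string", 1) != 0)
        return -5;
    if (env_snapshot("FOO", val, sizeof val) != 0 ||
        strcmp(val, "really_long_string") != 0)
        return -6;
    /* cp is deliberately not freed: whether the environment still
     * references it after setenv() is implementation-specific. */
    return 0;
}

int main(void)
{
    printf("demo() = %d\n", demo());
    return 0;
}
```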