Subject: Re: lib/12393: segfault in setenv(3)
To: None <sjg@quick.com.au>
From: Chris G. Demetriou <cgd@sibyte.com>
List: netbsd-bugs
Date: 03/12/2001 10:11:47
sjg@quick.com.au ("Simon J. Gerraty") writes:
> Setenv(3) does not check for environ==NULL. If the realloc of environ fails,
> environ will be NULL and the next call to setenv or unsetenv will segfault.
This would seem to be a different class of bug:
if realloc() returns NULL, the original block is unchanged.
Therefore, as far as I can tell, in the code:
    environ = realloc(environ,
        (size_t)(sizeof(char *) * (cnt + 2)));
    if (!environ) {
        rwlock_unlock(&__environ_lock);
        return (-1);
    }
if realloc() returns NULL:
(1) there's a memory leak, and
(2) the previous contents of the environment are unnecessarily lost.
I think that the assumption that environ will never be NULL is
probably correct, and the real bug to be fixed is in the use of
realloc().
cgd
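The two consequences Chris lists (leak plus loss of the old environment) follow from assigning realloc()'s result straight back into the only pointer to the block. The following is an added illustration, not the NetBSD libc source: a constructed toy environment array, a constructed allocator hook that can be made to fail like an out-of-memory realloc(), and the same grow step written the way the quoted fragment does it next to the conventional temporary-pointer fix. The env_* helpers and the three demo functions are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not the NetBSD libc source): a toy environment array
 * showing the realloc() misuse in the quoted setenv() fragment and the
 * conventional fix. The allocator hook, the env_* helpers and the demo
 * functions are constructed for this illustration.
 */

/* Constructed test hook: when set, the next allocation fails (simulated ENOMEM). */
static int fail_next_alloc;

static void *hook_realloc(void *p, size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;            /* like realloc(): the old block is left untouched */
    }
    return realloc(p, n);
}

/* Pattern from the quoted fragment: the result overwrites the only pointer
 * to the old block. On failure the old array leaks and *envp becomes NULL,
 * which is what a later setenv()/unsetenv() would then dereference. */
int grow_env_buggy(char ***envp, size_t cnt)
{
    *envp = hook_realloc(*envp, sizeof(char *) * (cnt + 2));
    if (!*envp)
        return -1;
    return 0;
}

/* Fix: realloc into a temporary and commit only on success, so the old
 * environment survives an allocation failure and nothing leaks. */
int grow_env_fixed(char ***envp, size_t cnt)
{
    char **tmp = hook_realloc(*envp, sizeof(char *) * (cnt + 2));
    if (!tmp)
        return -1;              /* *envp still points at the intact old block */
    *envp = tmp;
    return 0;
}

/* Constructed environment of cnt entries (string literals) plus a NULL terminator. */
static char **make_env(size_t cnt)
{
    static char *const sample[] = { "HOME=/tmp", "PATH=/bin", "LANG=C" };
    char **env = malloc(sizeof(char *) * (cnt + 1));
    if (!env)
        return NULL;
    for (size_t i = 0; i < cnt; i++)
        env[i] = sample[i % 3];
    env[cnt] = NULL;
    return env;
}

/* Entries before the NULL terminator; -1 when env itself is NULL. */
static long env_count(char **env)
{
    if (!env)
        return -1;
    long n = 0;
    while (env[n])
        n++;
    return n;
}

/* Returns 1 if a failed realloc() in the buggy version leaves env NULL. */
int buggy_loses_env(void)
{
    char **env = make_env(2);
    char **old = env;               /* keep a handle so the leaked block can be freed here */
    fail_next_alloc = 1;
    int r = grow_env_buggy(&env, 2);
    int lost = (r == -1 && env == NULL);
    free(old);                      /* realloc() failed, so the old block is still valid */
    return lost;
}

/* Returns 1 if the fixed version keeps the old environment intact on failure. */
int fixed_keeps_env(void)
{
    char **env = make_env(2);
    fail_next_alloc = 1;
    int r = grow_env_fixed(&env, 2);
    int kept = (r == -1 && env_count(env) == 2 && strcmp(env[0], "HOME=/tmp") == 0);
    free(env);
    return kept;
}

/* Returns the entry count after a successful grow and append (expected 3). */
long fixed_grows_env(void)
{
    char **env = make_env(2);
    if (grow_env_fixed(&env, 2) != 0)
        return -1;
    env[2] = "LANG=C";              /* cnt + 2 slots: index cnt is the new entry, cnt + 1 the NULL */
    env[3] = NULL;
    long n = env_count(env);
    free(env);
    return n;
}

int main(void)
{
    printf("buggy version lost environment on failure: %d\n", buggy_loses_env());
    printf("fixed version kept environment on failure: %d\n", fixed_keeps_env());
    printf("fixed version entry count after grow:      %ld\n", fixed_grows_env());
    return 0;
}
```

The buggy path demonstrates both points in the message at once: after the failed call the caller holds NULL, so the old block is unreachable (the leak) and every entry in it is gone from the caller's view (the lost environment); the fixed path returns -1 with the original array still in place.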