[Bug 861132] Re: setenv ("NAME", NULL) corrupts environment

Bug Watch Updater 861132 at bugs.launchpad.net
Wed Sep 28 07:36:06 UTC 2011 

Launchpad has imported 1 comments from the remote bug at
http://sourceware.org/bugzilla/show_bug.cgi?id=13231.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2011-09-28T05:23:32+00:00 Robert Ancell wrote:

Created attachment 5948
Proposed patch, which treats NULL value as "" (which I think is what the current code intends).

setenv ("NAME", NULL) corrupts the environment. It doesn't seem
specified what the function should do when value is NULL, but the code
does check for it - it just does the wrong thing:

stdlib/setenv.c:
...
__add_to_environ (name, value, combined, replace)
...
  const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
...
      memcpy (new_value, name, namelen);
      new_value[namelen] = '=';
      memcpy (&new_value[namelen + 1], value, vallen);
...

i.e. the new value is set to "NAME=" without the trailing nul character.

Reply at: https://bugs.launchpad.net/eglibc/+bug/861132/comments/2


** Changed in: eglibc
       Status: Unknown => Confirmed

** Changed in: eglibc
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/861132

Title:
  setenv ("NAME", NULL) corrupts environment

Status in Embedded GLIBC:
  Confirmed
Status in “eglibc” package in Ubuntu:
  New

Bug description:
  setenv ("NAME", NULL) corrupts the environment.  It doesn't seem
  specified what the function should do when value is NULL, but the code
  does check for it - it just does the wrong thing:

  stdlib/setenv.c:
  ...
  __add_to_environ (name, value, combined, replace)
  ...
    const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
  ...
        memcpy (new_value, name, namelen);
        new_value[namelen] = '=';
        memcpy (&new_value[namelen + 1], value, vallen);
  ...

  i.e. the new value is set to "NAME=" without the trailing nul
  character.

  Found in bug 861123 where indicator-datetime does a:
  x = g_strdup (getenv ("NAME"));
  unsetenv ("NAME");
  // do something
  setenv ("NAME", x);

To manage notifications about this bug go to:
https://bugs.launchpad.net/eglibc/+bug/861132/+subscriptions

More information about the foundations-bugs mailing list