Bug 65470 - libbsd-0.5.1 segfault in spt_copyenv() called from spt_init()
Summary: libbsd-0.5.1 segfault in spt_copyenv() called from spt_init()
Status: RESOLVED FIXED
Alias: None
Product: libbsd
Classification: Unclassified
Component: libbsd (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium normal
Assignee: Guillem Jover
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-06 17:49 UTC by Eric Smith
Modified: 2013-06-08 16:45 UTC (History)

See Also:


Description Eric Smith 2013-06-06 17:49:29 UTC
Found by the Fedora FreeIPA team in testing the libbsd-0.5.1 update I submitted for Fedora 19.  See Fedora bug 971513:

https://bugzilla.redhat.com/show_bug.cgi?id=971513

Nalin Dahyabhai's comment seems particularly informative, so I quote it here:

The top couple of frames in my backtrace (with a little more debuginfo) look like this:

#0  __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
#1  0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
    at setproctitle.c:94
#2  spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
    at setproctitle.c:172

I think that spt_init's use of the passed-in value of "environ" is causing some trouble because when it calls spt_clearenv(), and spt_clearenv() ends up calling clearenv(), the value is freed before it's read.

Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined keeps it from crashing on my system, as the fallback path doesn't actually free the old environment.
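The ordering Nalin's comment points at, as an added example in C that is not libbsd's own code: duplicate every environment string into private storage before clearenv() runs, so nothing is read from the old array after it may have been freed, then rebuild the environment from the copy. The function names copy_environment() and relocate_environment() are assumptions for this illustration.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
extern char **environ;
extern int clearenv(void); /* glibc/musl; declared here in case a strict -std hides the prototype */

/* Duplicate every "NAME=VALUE" string of oldenv into private storage. Nothing in
 * oldenv is read again once clearenv() runs, which is the ordering the crash above violates. */
static char **copy_environment(char **oldenv, size_t *count)
{
    size_t n = 0;
    while (oldenv != NULL && oldenv[n] != NULL)
        n++;
    char **copy = calloc(n + 1, sizeof(char *)); /* NULL-terminated by calloc */
    if (copy == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        copy[i] = strdup(oldenv[i]);
        if (copy[i] == NULL) {
            for (size_t j = 0; j < i; j++) free(copy[j]);
            free(copy);
            return NULL;
        }
    }
    *count = n;
    return copy;
}

/* Copy first, then clear, then re-add each variable from the copy.
 * Returns the number of variables re-added, or -1 on allocation failure. */
int relocate_environment(void)
{
    size_t n = 0;
    char **saved = copy_environment(environ, &n);
    if (saved == NULL) return -1;
    clearenv(); /* may free the old environ array; 'saved' does not point into it */
    int readded = 0;
    for (size_t i = 0; i < n; i++) {
        char *eq = strchr(saved[i], '=');
        if (eq != NULL) { /* entries without '=' are malformed and dropped */
            *eq = '\0';
            if (setenv(saved[i], eq + 1, 1) == 0)
                readded++;
        }
        free(saved[i]);
    }
    free(saved);
    return readded;
}
```

Calling setenv() once before relocate_environment() reproduces the reporter's situation, where environ already lives on the heap and clearenv() frees that array.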
Comment 1 Guillem Jover 2013-06-07 05:40:41 UTC
As mentioned on the list, I've two possible fixes for this, which I'll include in 0.5.2 probably later today.
Comment 2 Guillem Jover 2013-06-08 16:45:11 UTC
Fixed in 0.5.2.

