This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Hi! Doing clearenv() before first malloc results in segfault (next_env_entry is called with &runp where runp == NULL, and dereferences the NULL pointer: char **current = *position; ... while (*current != NULL)). The patch below is mainly just indentation adjustement, with diff -upb it is a one-liner, adding if (__builtin_expect (_environ != NULL, 1)).

2002-12-27 Jakub Jelinek <jakub@redhat.com>

* malloc/arena.c (ptmalloc_init): Don't call next_env_entry if _environ is NULL.

--- libc/malloc/arena.c.jj 2002-12-12 01:38:54.000000000 +0100
+++ libc/malloc/arena.c 2002-12-27 02:19:17.000000000 +0100
@@ -436,49 +436,50 @@ ptmalloc_init __MALLOC_P((void))
 #ifdef _LIBC
 secure = __libc_enable_secure;
 s = NULL;
- {
- char **runp = _environ;
- char *envline;
-
- while (__builtin_expect ((envline = next_env_entry (&runp)) != NULL,
- 0))
- {
- size_t len = strcspn (envline, "=");
-
- if (envline[len] != '=')
- /* This is a "MALLOC_" variable at the end of the string
- without a '=' character. Ignore it since otherwise we
- will access invalid memory below. */
- continue;
-
- switch (len)
- {
- case 6:
- if (memcmp (envline, "CHECK_", 6) == 0)
- s = &envline[7];
- break;
- case 8:
- if (! secure && memcmp (envline, "TOP_PAD_", 8) == 0)
- mALLOPt(M_TOP_PAD, atoi(&envline[9]));
- break;
- case 9:
- if (! secure && memcmp (envline, "MMAP_MAX_", 9) == 0)
- mALLOPt(M_MMAP_MAX, atoi(&envline[10]));
- break;
- case 15:
- if (! secure)
- {
- if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0)
- mALLOPt(M_TRIM_THRESHOLD, atoi(&envline[16]));
- else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0)
- mALLOPt(M_MMAP_THRESHOLD, atoi(&envline[16]));
- }
- break;
- default:
- break;
- }
- }
- }
+ if (__builtin_expect (_environ != NULL, 1))
+ {
+ char **runp = _environ;
+ char *envline;
+
+ while (__builtin_expect ((envline = next_env_entry (&runp)) != NULL,
+ 0))
+ {
+ size_t len = strcspn (envline, "=");
+
+ if (envline[len] != '=')
+ /* This is a "MALLOC_" variable at the end of the string
+ without a '=' character. Ignore it since otherwise we
+ will access invalid memory below. */
+ continue;
+
+ switch (len)
+ {
+ case 6:
+ if (memcmp (envline, "CHECK_", 6) == 0)
+ s = &envline[7];
+ break;
+ case 8:
+ if (! secure && memcmp (envline, "TOP_PAD_", 8) == 0)
+ mALLOPt(M_TOP_PAD, atoi(&envline[9]));
+ break;
+ case 9:
+ if (! secure && memcmp (envline, "MMAP_MAX_", 9) == 0)
+ mALLOPt(M_MMAP_MAX, atoi(&envline[10]));
+ break;
+ case 15:
+ if (! secure)
+ {
+ if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0)
+ mALLOPt(M_TRIM_THRESHOLD, atoi(&envline[16]));
+ else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0)
+ mALLOPt(M_MMAP_THRESHOLD, atoi(&envline[16]));
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ }
 #else
 if (! secure)
 {

Jakub
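Review bot: In the re-indented `switch`, `case 6` stores `s = &envline[7]` for `CHECK_` without the `! secure` test that guards every other case, so a process with `__libc_enable_secure` set still takes this value from an environment it may not trust. How `s` is consumed lies later in `ptmalloc_init`, outside the hunk, so that use should be confirmed safe or the case gated like the others. The new guard lives only in this caller; per the message, `next_env_entry` still dereferences `*position` unchecked, so any other caller would need the same test, and the guard deserves a comment such as `/* _environ is NULL after clearenv (); next_env_entry would dereference it. */`. The `atoi (&envline[N])` conversions remain unvalidated, and `strtol` with an end-pointer and `ERANGE` check would reject malformed or out-of-range tunables instead of relying on undefined behaviour.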