Bugtraq mailing list archives

Re: xterm segfaults from environment variables - too obvious


From: luyer () UCS UWA EDU AU (David Luyer)
Date: Wed, 12 Mar 1997 13:10:15 +0800


On Tue, 11 Mar 1997, Alex Belits wrote:

> After some looking at the code I think I've found the real cause of
> coredumps. getenv in getenv2.so always returns the same static buffer,
> while the real getenv returns pointers to the actual environment. xterm
> crashes with getenv2.so compiled from the given source but doesn't crash
> if the static keyword is removed, thus causing "environment values" to be
> malloc'ed every time.

You are COMPLETELY wrong here.  xterm crashes on this system by putting
60,000 characters into the relevant environment variables as found by the
script, I have tested this.  Think about your code mod - removing static
from the various means !big_string_buf is always defined and there is
never an attempt to overflow a variable!!!

Please, have a clue and don't accuse perfect working code of not working
and change it with complete disregard for the algorithm.


  static char *big_string_buf = 0;
  ^^^^^^ this is static

  if(!big_string_buf) {
  ^^^^^^^^^^^^^^^^^^^^^ so this only happens once
    /* 70000 bytes of filler plus one byte for the terminator written below */
    if(!(big_string_buf = (char *)malloc(70000 + 1))) {
      big_string_buf = "mallocfailed";
      printf("Failed to malloc test string buffer.\n");
    } else {
      for(i=0;i<70000/4;i++)
        memcpy(big_string_buf+i*4, "f00l", 4);
      big_string_buf[70000] = '\0';
    }
    for (ep = __environ; *ep != 0; ++ep)
      if (!strncmp(*ep, "ENV_TEST_VAR=", 13))
        i = atoi(&(*ep)[13]);
    ^^^^^^^^^^^^^^^^^^^^^^^^^ otherwise this gets reset each cycle
  }


David.
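The thread is about what happens when a program copies an oversized environment value into a fixed-size array. As an added example (not the getenv2.so harness or xterm's own code), the bounded-copy helper below shows the defensive pattern, exercised against a 60,000-byte value constructed in-process; the function and variable names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy an environment variable into a caller-owned buffer of 'cap' bytes
 * without trusting its length. Returns the stored length, or -1 if unset;
 * *truncated is set when the value did not fit. This replaces the
 * strcpy()/sprintf()-into-a-fixed-array pattern that the long-value test
 * in this thread crashes. */
int getenv_bounded(const char *name, char *dst, size_t cap, int *truncated)
{
    const char *val = getenv(name);
    if (truncated) *truncated = 0;
    if (cap == 0) return -1;
    if (!val) { dst[0] = '\0'; return -1; }
    size_t len = strlen(val);
    if (len >= cap) {            /* keep one byte for the terminator */
        len = cap - 1;
        if (truncated) *truncated = 1;
    }
    memcpy(dst, val, len);
    dst[len] = '\0';
    return (int)len;
}

/* Constructed input: a 60,000-byte value, the size the thread's test used,
 * placed in the real environment and read back through the bounded copy.
 * Returns 1 when the 256-byte buffer stays intact and the truncation is reported. */
int demo_oversized_env(void)
{
    size_t big = 60000;
    char *p = malloc(big + 1);   /* +1 for '\0' */
    if (!p) return -1;
    memset(p, 'A', big);
    p[big] = '\0';
    setenv("ENV_TEST_VAR_DEMO", p, 1);
    free(p);

    char buf[256];               /* the kind of fixed buffer xterm overran */
    int trunc = 0;
    int n = getenv_bounded("ENV_TEST_VAR_DEMO", buf, sizeof buf, &trunc);
    return (n == 255 && trunc == 1 && buf[255] == '\0') ? 1 : 0;
}

int main(void)
{
    printf("oversized value handled safely: %s\n",
           demo_oversized_env() ? "yes" : "no");
    return 0;
}
```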


