Bugtraq mailing list archives
Re: xterm segfaults from environment variables - too obvious
From: luyer () UCS UWA EDU AU (David Luyer)
Date: Wed, 12 Mar 1997 13:10:15 +0800
On Tue, 11 Mar 1997, Alex Belits wrote:

> After some looking at the code I think I've found the real cause of the coredumps. getenv in getenv2.so always returns the same static buffer, while the real getenv returns pointers to the actual environment. xterm crashes with getenv2.so compiled from the given source but doesn't crash if the static keyword is removed, thus causing the "environment values" to be malloc'ed every time.
You are COMPLETELY wrong here. xterm crashes on this system by putting 60,000 characters into the relevant environment variables as found by the script; I have tested this. Think about your code mod - removing static from the variables means !big_string_buf is always true and there is never an attempt to overflow a variable!!! Please, have a clue and don't accuse perfectly working code of not working and change it with complete disregard for the algorithm.

    static char *big_string_buf = 0;
           ^^^^^^ this is static

    if(!big_string_buf) {
    ^^^^^^^^^^^^^^^^^^^^^ so this only happens once
        /* 70000 pattern bytes plus one byte for the terminator */
        if(!(big_string_buf = (char *)malloc(70001))) {
            big_string_buf = "mallocfailed";
            printf("Failed to malloc test string buffer.\n");
        } else {
            /* fill the buffer with a recognisable 4-byte pattern */
            for(i=0;i<70000/4;i++)
                memcpy(big_string_buf+i*4, "f00l", 4);
            big_string_buf[70000] = '\0';
        }
        /* read the requested test length from ENV_TEST_VAR in the real environment */
        for (ep = __environ; *ep != 0; ++ep)
            if (!strncmp(*ep, "ENV_TEST_VAR=", 13))
                i = atoi(&(*ep)[13]);
            ^^^^^^^^^^^^^^^^^^^^^^^^^ otherwise this gets reset each cycle
    }

David.