prevent crashes in applications which carefully and manually construct
a temporary environment and later restore the original environment
like Emacs 24.
Problem reported by Thomas Klausner on "pkgsrc-users" mailing list.
- turn lint -w for all the platforms after fixing the lint warnings.
- add _DIAGASSERTS() for casts that would assign values to types that
would not fit.
- change types, add casts
- change into ANSI prototypes
- turn on _DIAGNOSTIC for libc (during current, to be eliminated for release
builds)
approved by core@
definitions to the ones provided by csu, but harmless since the linker resolves
them. There are 3 non weak data symbols provided in crt0.o:
D __progname [initialized data, assigned to ""]
B __ps_strings [BSS since assigned to 0]
C environ [common, uninitialized]
__ps_strings had already a second definition in libc (in BSS), now we added
__progname and __ps_strings (in BSS).
To get rid of the duplicate definition, we can remove them from csu, and
move the assignments to libc.
This is done so that libc has no undefined symbols so that linker maps
that want to do:
...
local:
*;
...
don't end up producing link failures for libc.
Rename __libc_init to _libc_init and call it explicitly from CSU code.
This enforces the constructor run order for newly linked programs.
Keep it as constructor with run-once semantic for binary compatibility.
Implement dl_iterate_phdr for statically linked programs.
This material is based upon work partially supported by
The NetBSD Foundation under a contract with Joerg Sonnenberger.
on "current-users" mailing list. Garbage collection is performed if:
1.) We previously allocated memory for the environment array which
is no longer used because the application overwrote "environ".
2.) We find a non-NULL pointer in the allocated environment array after
the end of the environment. This happens if the application attempts
to clear the environment with something like "environ[0] = NULL;".
2.) Add a wrapper function __findenv() which implements the previous
*internal* interface. It turns out that ld.elf_so(1) and pthread(3)
both use it.
Stripping e.g. "LD_LIBRARY_PATH" from the environment while running
setuid binaries works again now.
- Use RB tree to keep track of memory allocated via setenv(3) as
suggested by Enami Tsugutomo in private e-mail.
This simplifies the code a lot as we no longer need to keep the size
of "environ" in sync with an array of allocated environment variables.
It also makes it possible to free environment variables in unsetenv(3)
if something has changed the order of the "environ" array.
- Fix a bug in getenv(3) and getenv_r(3) which would return bogus
results e.g. for " getenv("A=B") " if an environment variable "A"
with value "B=C" exists.
- Clean up the internal functions:
- Don't expose the read/write lock for the environment to other parts
of "libc". Provide locking functions instead.
- Use "bool" to report success or failure.
- Use "ssize_t" or "size_t" instead of "int" for indexes.
- Provide internal functions with simpler interfaces e.g. don't
combine return values and reference arguments.
- Don't copy "environ" into an allocated block unless we really need
to grow it.
Code reviewed by Joerg Sonnenberger and Christos Zoulas, tested by
Joerg Sonnenberger and me. These changes also fix problems in
zsh 4.3.* and pam_ssh according to Joerg.
now fails with EINVAL errno when variable is NULL, empty or contains
an `=' character; or value is NULL.
Adjust the man page accordingly, and exercise them in the existing
environment testcase.
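The two rules from the messages above, exact-name matching in getenv(3) and the EINVAL argument check in setenv(3), as an added C example written for this page; it is illustration code, not libc's implementation. The sample environment is constructed, and find_env_truncating is an assumed model of the failure mode (a lookup that silently truncates the name at its first '='), included only to show what "bogus results" for getenv("A=B") look like next to a correct lookup.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample environment (not the process environment): the
 * variable "A" has the value "B=C", the case from the getenv(3) fix above. */
static const char *const sample_env[] = { "A=B=C", "PATH=/bin", "FOO=", NULL };

/* Exact-name lookup: a match needs the whole of name followed by '='.
 * Empty names and names containing '=' never match, so a query for "A=B"
 * cannot be satisfied by the entry "A=B=C". */
const char *find_env(const char *const *env, const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || memchr(name, '=', len) != NULL)
        return NULL;
    for (; *env != NULL; env++) {
        if (strncmp(*env, name, len) == 0 && (*env)[len] == '=')
            return *env + len + 1;
    }
    return NULL;
}

/* Hypothetical buggy lookup, assumed here to illustrate the failure mode:
 * the name is truncated at its first '=', so "A=B" is looked up as "A" and
 * the caller gets "B=C" back for a variable that does not exist. */
const char *find_env_truncating(const char *const *env, const char *name)
{
    size_t len = strcspn(name, "=");

    for (; *env != NULL; env++) {
        if (strncmp(*env, name, len) == 0 && (*env)[len] == '=')
            return *env + len + 1;
    }
    return NULL;
}

/* Argument check following the setenv(3) rule quoted above: a NULL, empty
 * or '='-containing name, or a NULL value, is rejected with EINVAL.
 * Returns 0 when the arguments are acceptable (an empty value is fine). */
int check_setenv_args(const char *name, const char *value)
{
    if (name == NULL || *name == '\0' || strchr(name, '=') != NULL ||
        value == NULL)
        return EINVAL;
    return 0;
}

int main(void)
{
    const char *v;

    v = find_env_truncating(sample_env, "A=B");
    printf("truncating lookup of A=B: %s\n", v ? v : "(null)");
    v = find_env(sample_env, "A=B");
    printf("exact lookup of A=B:      %s\n", v ? v : "(null)");
    printf("check_setenv_args(\"A=B\", \"x\") == EINVAL: %d\n",
           check_setenv_args("A=B", "x") == EINVAL);
    return 0;
}
```

The truncating variant returns "B=C" for "A=B" while the exact lookup returns NULL; the same strncmp-plus-'=' test is what makes "PAT" not match "PATH=/bin".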
on constant strings (e.g. postdrop(1)):
- Don't write to the environment string passed to putenv(3).
- Don't overwrite the value of an existing environment string
unless the memory was actually allocated by setenv(3).
variables: only free memory if the current value points to the same
memory area as the allocated block. This will prevent crashes if an
application changes the order of the environment array.
Unfortunately this is still not enough to stop zsh 4.2.* from crashing.
zsh 4.3.* works fine before and after this change.
using a bitmap. This deals with the case where a variable is first
set via setenv(3) or putenv(3), then overwritten by changing
"environ" directly and afterwards overwritten with setenv(3) again.
This stops "zsh" from crashing under NetBSD-current.
Code reviewed by Christos Zoulas.
Partial fix: Don't allocate a new string if the length is equal to the
old length, because presumably the old string was also nul terminated
so it has the extra byte needed.
The real fix is to keep an adjunct array of bits, one for each environment
variable and keep track if the entry was allocated or not so that we can
free it in unsetenv.
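The ownership rule that the putenv(3)/setenv(3)/unsetenv(3) messages above converge on (never write into a string handed in by putenv, overwrite in place only memory setenv allocated, free only what was allocated and find it by pointer so that an application reordering "environ" cannot cause a bad free) as an added C model. This is example code written for this page, not libc's; env_putenv, env_setenv, env_unsetenv, env_get, ENV_MAX and demo_putenv_string are hypothetical names, and the ownership table is a flat pointer array standing in for the bitmap or RB tree the messages describe.

```c
#include <stdlib.h>
#include <string.h>

#define ENV_MAX 16

/* Hypothetical miniature environment (example code, not libc's). env is the
 * NULL-terminated "NAME=value" array an application may reorder or point at
 * its own strings; owned records, by pointer rather than by position, the
 * strings this code malloc'd: the job of the bitmap and RB tree above.
 * owned_slot(NULL) yields a free slot of the ownership table. */
static char *env[ENV_MAX + 1];
static char *owned[ENV_MAX];
static int nenv;

/* Constructed stand-in for a string an application hands to putenv. */
char demo_putenv_string[] = "SHELL=sh";

static int owned_slot(const char *p)
{
    for (int i = 0; i < ENV_MAX; i++)
        if (owned[i] == p)
            return i;
    return -1;
}

/* Index of the entry whose name is the first len bytes of name, or -1. */
static int find_index(const char *name, size_t len)
{
    for (int i = 0; i < nenv; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return i;
    return -1;
}

/* Detach entry i and close the gap; free the string only if we allocated it. */
static void drop_entry(int i)
{
    char *old = env[i];
    memmove(&env[i], &env[i + 1], (size_t)(nenv-- - i) * sizeof(env[0]));
    if (owned_slot(old) >= 0) {
        owned[owned_slot(old)] = NULL;
        free(old);
    }
}

static int append_entry(char *s)
{
    if (nenv >= ENV_MAX)
        return -1;
    env[nenv++] = s;
    env[nenv] = NULL;
    return 0;
}

const char *env_get(const char *name)
{
    int i = find_index(name, strlen(name));
    return i < 0 ? NULL : env[i] + strlen(name) + 1;
}

/* putenv: install the caller's string itself; never copied, written to or freed. */
int env_putenv(char *str)
{
    const char *eq = strchr(str, '=');
    if (eq == NULL || eq == str)
        return -1;
    int i = find_index(str, (size_t)(eq - str));
    if (i >= 0)
        drop_entry(i);
    return append_entry(str);
}

/* setenv: write in place only if the current string is ours and the value fits. */
int env_setenv(const char *name, const char *value)
{
    if (name == NULL || *name == '\0' || strchr(name, '=') != NULL || value == NULL)
        return -1;
    size_t nlen = strlen(name), vlen = strlen(value);
    int i = find_index(name, nlen);
    if (i >= 0 && owned_slot(env[i]) >= 0 && strlen(env[i]) >= nlen + 1 + vlen) {
        memcpy(env[i] + nlen + 1, value, vlen + 1);
        return 0;
    }
    char *s = malloc(nlen + 1 + vlen + 1);
    if (s == NULL)
        return -1;
    memcpy(s, name, nlen);
    s[nlen] = '=';
    memcpy(s + nlen + 1, value, vlen + 1);
    if (i >= 0)
        drop_entry(i);
    if (append_entry(s) < 0) {
        free(s);
        return -1;
    }
    owned[owned_slot(NULL)] = s;
    return 0;
}

/* unsetenv: remove every entry for name, releasing only strings found in owned. */
int env_unsetenv(const char *name)
{
    if (name == NULL || *name == '\0' || strchr(name, '=') != NULL)
        return -1;
    for (int i; (i = find_index(name, strlen(name))) >= 0; )
        drop_entry(i);
    return 0;
}
```

Replacing the putenv'd "SHELL=sh" with env_setenv("SHELL", "zsh") leaves demo_putenv_string untouched and allocates a fresh entry; a later env_setenv("SHELL", "ksh") rewrites that entry in place because it is ours and the value fits; and env_unsetenv still frees the right block after the application has swapped env[0] and env[1], because ownership is keyed on the pointer, not the index.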
reference the latter as a return of main() results in a call to exit(3),
so this ensures that the libc constructors are run for statically linked
programs. Fixes PR 37454.
manual page. This way malloc(3) can follow the standard terse format used
elsewhere in the libc, while additional details can be added to jemalloc(3).
Note HISTORY and AUTHORS in jemalloc(3), and add some reading material to
SEE ALSO.
function in a modern standard C library, exposed by <stdlib.h>, should be as
easy to (buffer) overflow as strsuftollx(3).
In addition, improvements to wording and markup.
In addition, list more bugs and caveats. Namely, the NetBSD implementation
(like the FreeBSD one where this was ported to) requires that the comparison
keys are allocated dynamically, and that hdestroy() will try to free(3) each
key. This obviously severely limits the portability, given that other
implementations (for example, the Linux one) make no such assumptions. Both
approaches are legitimate, and thus the real bug is in the ambiguity of the
standard.
We need to remove the old region before mremap() since if it releases the
old region, another thread may map it for the same huge category allocation
and insert it to the tree before we acquire a lock after mremap().
Fixes PR/42876.
mutex, it's a good idea to convert the unlock path too so that the
recursive mutex gets released as many times as it was locked.
Fixes pthread + cxa deadlock.
The algorithm used is the Jenkins hash. The name (mi_vector_hash)
reflects the nature of the hash function.
Add glue for libc ATF tests and include a test case to make sure that
(mis)alignment and endianness are handled correctly.
Bump libc minor to 169.