This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug libc/1125] New: crash in execvp()


This small program crashes glibc in execvp():

---------------------------------------------------
#include <unistd.h>

extern char **environ;
static char *empty[] = { 0 };

int main (void)
{
  environ = empty;
  execvp ("nothing ", empty);
  return 0;
}
---------------------------------------------------

$ ./a.out 
*** glibc detected *** free(): invalid pointer: 0x0000000000501016 ***
Aborted (core dumped)
$ 

A similar effect can be achieved by executing "env -i nonexistent_program".

The problem seems to be here, posix/execvp.c:121:

      char *p = path;
      do
	{
	  char *startp;

	  path = p;                      // it changes 'path' inside loop
	  p = __strchrnul (path, ':');

          ...

	}
      while (*p++ != '\0');
      ...

      if (path_malloc)
	free (path);                     // and then frees it.

-- 
           Summary: crash in execvp()
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: belyshev at depni dot sinp dot msu dot ru
                CC: glibc-bugs at sources dot redhat dot com
  GCC host triplet: x86_64-*-linux-gnu


http://sources.redhat.com/bugzilla/show_bug.cgi?id=1125

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
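
The pointer handling the report singles out, as an added C example (not part of the original message and not glibc's code): the first function reuses `path` as the loop cursor the way the excerpt does and measures how far it ends up from the allocation, and the second keeps a separate cursor so the pointer handed to `free()` is the one `malloc()` returned. The helper `find_or_end`, both function names and the sample string are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for glibc's internal __strchrnul: first 'c' or the final NUL. */
static char *find_or_end(char *s, int c) {
    while (*s != '\0' && *s != c)
        s++;
    return s;
}

/* Excerpt's pattern: 'path' doubles as the loop cursor. Returns how far 'path'
   is from the allocation after the loop; non-zero means free(path) is invalid. */
static ptrdiff_t drift_when_path_is_cursor(const char *value) {
    char *base = malloc(strlen(value) + 1);
    if (base == NULL) return -1;
    strcpy(base, value);
    char *path = base, *p = path;
    do {
        path = p;                    /* same assignment as in the excerpt */
        p = find_or_end(path, ':');
    } while (*p++ != '\0');
    ptrdiff_t drift = path - base;
    free(base);                      /* released through the saved base */
    return drift;
}

/* Same walk with a separate cursor, so 'path' still equals the allocation
   when it is freed. Returns the number of elements visited. */
static int count_elements_separate_cursor(const char *value) {
    char *path = malloc(strlen(value) + 1);
    if (path == NULL) return -1;
    strcpy(path, value);
    char *p = path; int n = 0;
    do {
        p = find_or_end(p, ':');
        n++;
    } while (*p++ != '\0');
    free(path);
    return n;
}

int main(void) {
    const char *sample = ":/bin:/usr/bin";  /* constructed sample value */
    printf("drift=%td elements=%d\n", drift_when_path_is_cursor(sample),
           count_elements_separate_cursor(sample));
    return 0;
}
```

With a single-element value such as `/bin` the drift is 0, so in this sketch the mismatch only shows up once the string holds more than one element.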

