setenv ("NAME", NULL) corrupts environment
Bug #861132 reported by
Robert Ancell
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eglibc |
Invalid
|
Medium
|
|||
eglibc (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
setenv ("NAME", NULL) corrupts the environment. It doesn't seem specified what the function should do when value is NULL, but the code does check for it - it just does the wrong thing:
stdlib/setenv.c:
...
__add_to_environ (name, value, combined, replace)
...
const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
...
memcpy (new_value, name, namelen);
new_
memcpy (&new_value[namelen + 1], value, vallen);
...
i.e. the new value is set to "NAME=" without the trailing nul character.
Found in bug 861123 where indicator-datetime does a:
x = g_strdup (getenv ("NAME"));
unsetenv ("NAME");
// do something
setenv ("NAME", x);
Changed in eglibc: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in eglibc: | |
status: | Confirmed → Invalid |
To post a comment you must log in.
Created attachment 5948
Proposed patch, which treats NULL value as "" (which I think is what the current code intends).
setenv ("NAME", NULL) corrupts the environment. It doesn't seem specified what the function should do when value is NULL, but the code does check for it - it just does the wrong thing:
stdlib/setenv.c: value[namelen] = '=';
...
__add_to_environ (name, value, combined, replace)
...
const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
...
memcpy (new_value, name, namelen);
new_
memcpy (&new_value[namelen + 1], value, vallen);
...
i.e. the new value is set to "NAME=" without the trailing nul character.