bin/189805: setenv(

Garrett Cooper yaneurabeya at
Wed May 14 15:10:00 UTC 2014

>Number:         189805
>Category:       bin
>Synopsis:       setenv(
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 15:10:00 UTC 2014
>Originator:     Garrett Cooper
>Release:        11-CURRENT
FreeBSD fuji-current.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 c7d920a(atf): Mon Apr 14 22:16:02 PDT 2014     root at fuji-current.local:/usr/obj/usr/src/sys/FUJI  i386
One of the tests imported from FreeBSD tests out setenv with value => NULL as it's a requirement of the libcall. FreeBSD coredumps with a segfault on this test because libc (behind the scenes) runs a strcmp on the buffer, which subsequently blows up when trying to analyze the NULL pointer.

value => NULL is undefined per POSIX, so the behavior is implementation dependent, but value is assumed to be a string, not a NULL pointer. It seems like an edgecase that could be caught and improved upon as it would be nice if an error was set or at the very least an assert was triggered in setenv when this situation was encountered so the error was localized to the block of code instead of corrupting the stack later on down the line.

Here's what pho and I discovered:

- FreeBSD/OSX segfault.
- Linux succeeds. Subsequent getenvs return NULL.
- NetBSD returns -1/sets EINVAL.

Bruce E weighed in on this, and believes the libcall should always coredump, but he didn't recommend how it should coredump.
% /bin/sh
% cat > setenv_segfault.c <<EOF
cat ./test_setenv_segfault.c 
#include <stdlib.h>


	setenv("somevar", NULL, 0);
	return (0);
% clang -g -Wall -o setenv_segfault setenv_segfault.c
% gdb ./setenv_segfault
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) r
Starting program: /root/setenv_segfault 

Program received signal SIGSEGV, Segmentation fault.
0x2818bd4d in strlen () from /lib/
(gdb) bt
#0  0x2818bd4d in strlen () from /lib/
#1  0x28188a35 in setenv () from /lib/
#2  0x281885b8 in setenv () from /lib/
#3  0x080485c3 in main () at setenv_segfault.c:7
The original proposed fix to just return/set and error is out here: .


More information about the freebsd-bugs mailing list