[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZpgOf4zBSrnueTMT@voyager>
Date: Wed, 17 Jul 2024 20:33:35 +0200
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Cc: Luca <groovysnail42@...il.com>
Subject: Re: Memory Leak
Am Wed, Jul 17, 2024 at 06:54:59PM +0200 schrieb Luca:
> The variable `static char **oldenv` is passed to a free in line 29:
> `free(oldenv);`.
> The variable is a 2d pointer and therefore all contents within it should be
> freed.
> By freeing only oldenv all the lines of `__environ` are lost.
>
> Possible hotfix:
> ```
> for (int j = 0; oldenv[j]; ++j) free(oldenv[j]);
> free(oldenv);
> ```
No, that is invalid. You can only call free() on pointers that you own,
and that came from malloc(). The first property is not fulfilled in
putenv(). putenv() doesn't own any of the pointers given to it. It only
places them inside the environment.
And that's the end of that, really. Even those environment pointers
that were allocated are invalid to free() here because putenv() doesn't
own them. setenv() might, but that's what __env_rm_add() is for.
Also, many of the pointers in oldenv are shared with newenv. Freeing
them would leave dangling pointers in the environment list.
Ciao,
Markus
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
