diff options
| author | Ata, John (US) <john.ata@baesystems.com> | 2020-01-28 14:10:21 +0100 | 
|---|---|---|
| committer | Waldemar Brodkorb <wbx@openadk.org> | 2020-01-28 14:15:20 +0100 | 
| commit | fbe25933d475de36fca739154162e668db2b125f (patch) | |
| tree | 47d35d3321b33dad3f31231dd74eaaaac893a41f /libc/stdlib/malloc/calloc.c | |
| parent | 4bae9977da5a322fee4b90c63753420582b84887 (diff) | |
fix getenv bug
The getenv() library call can trap under certain conditions.  It compares the
passed in environment variable name (var) with the name=variables (*ep) in the
environment area and returns a pointer to the value in the environment if it
exists.  To accomplish this, it does a memcmp() using the length of the passed
in name (len) for each environment variable (*ep) against the passed in name (
var).  So memcmp will attempt to scan both strings for len bytes. However, if
for some reason, len is equal to or greater than 16 and  longer than the length
of  the *ep in the environment and the *ep resides near the end of a page
boundary while the next page is not present or mapped, the memcmp could trap
with a sigsegv error while continuing the scan with the optimization
read-ahead. However, if strncmp is used instead, there is no problem since both
source and destination scanning will stop when either reaches a terminating
NULL
Diffstat (limited to 'libc/stdlib/malloc/calloc.c')
0 files changed, 0 insertions, 0 deletions
