Bug 1414589

Summary: glibc hangs on environment with no value
Product: [Fedora] Fedora Reporter: Josh Stone <jistone>
Component: glibcAssignee: Siddhesh Poyarekar <siddhesh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: arjun.is, codonell, dj, fweimer, jakub, law, mfabian, pfrankli, siddhesh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glibc-2.24.90-29.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-30 20:54:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
C translation of Rust's env-funky-keys.rs none

Description Josh Stone 2017-01-18 22:20:27 UTC 
Created attachment 1242291 [details]
C translation of Rust's env-funky-keys.rs

Description of problem:
Rust builds are hanging in %check on test rust-pass/env-funky-keys.
https://github.com/rust-lang/rust/blob/master/src/test/run-pass/env-funky-keys.rs

I can also hang with a similar program written in C, attached, so let's focus on that.  The same binary copied to F25 runs fine.

Version-Release number of selected component (if applicable):
glibc-2.24.90-28.fc26

How reproducible:
100%

Steps to Reproduce:
1. gcc env-funky-keys.c
2. ./a.out

Actual results:
The program execs and then never terminates -- never even reaches main.

Expected results:
The program should exec and then main should return 0.

Additional info:

Stepping 'next' in gdb just bounces between dl-tunables.c:86 and :90.

(gdb) bt
#0  get_next_env (val=<synthetic pointer>, namelen=<synthetic pointer>,
    name=<synthetic pointer>, envp=0x7fffffffee40) at dl-tunables.c:86
#1  __tunables_init (envp=0x7fffffffee40) at dl-tunables.c:317
#2  0x00007ffff7df0d53 in _dl_sysdep_start (
    start_argptr=start_argptr@entry=0x7fffffffee20,
    dl_main=dl_main@entry=0x7ffff7dd8b10 <dl_main>) at ../elf/dl-sysdep.c:224
#3  0x00007ffff7ddc0b8 in _dl_start_final (arg=0x7fffffffee20) at rtld.c:303
#4  _dl_start (arg=0x7fffffffee20) at rtld.c:409
#5  0x00007ffff7dd7e58 in _start () from /lib64/ld-linux-x86-64.so.2
#6  0x0000000000000002 in ?? ()
#7  0x00007fffffffefa0 in ?? ()
#8  0x00007fffffffefbb in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb) list 81,98
81        while (envp != NULL && *envp != NULL)
82          {
83            char *envline = *envp;
84            int len = 0;
85
86            while (envline[len] != '\0' && envline[len] != '=')
87              len++;
88
89            /* Just the name and no value, go to the next one.  */
90            if (envline[len] == '\0')
91              continue;
92
93            *name = envline;
94            *namelen = len;
95            *val = &envline[len + 1];
96
97            return ++envp;
98          }

It looks to me like the continue is missing ++envp.
Comment 1 Carlos O'Donell 2017-01-19 13:33:42 UTC 
Looking at this right now. Thanks for the bug Josh.
Comment 2 Siddhesh Poyarekar 2017-01-19 13:35:23 UTC 
Oh sorry I forgot to actually update the bug.  I've got tests running with a candidate patch that I'll post upstream shortly.
Comment 3 Carlos O'Donell 2017-01-19 13:40:22 UTC 
(In reply to Siddhesh Poyarekar from comment #2)
> Oh sorry I forgot to actually update the bug.  I've got tests running with a
> candidate patch that I'll post upstream shortly.

Awesome. Assigned to you then :-)

Thanks Siddhesh!
Comment 4 Carlos O'Donell 2017-01-19 13:41:42 UTC 
(In reply to Carlos O'Donell from comment #3)
> (In reply to Siddhesh Poyarekar from comment #2)
> > Oh sorry I forgot to actually update the bug.  I've got tests running with a
> > candidate patch that I'll post upstream shortly.
> 
> Awesome. Assigned to you then :-)
> 
> Thanks Siddhesh!

Note:

- We don't need an upstream bug because this was an regression introduced during development.
- Would be nice to have a test case just to keep testing empty env var processing.
Comment 5 Siddhesh Poyarekar 2017-01-19 18:56:53 UTC 
Posted patch upstream:

https://sourceware.org/ml/libc-alpha/2017-01/msg00390.html
Comment 6 Siddhesh Poyarekar 2017-01-19 19:15:58 UTC 
Patch pushed, so the next rawhide rebase should have this fix.
Comment 7 Josh Stone 2017-01-30 20:54:21 UTC 
Confirmed in glibc-2.24.90-29.fc26, thanks!