Bug 498557
| Summary: | execve() with NULL parameters causes segmentation fault | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tetsuo Handa <penguin-kernel> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | jakub |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-05-01 06:44:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
1) this is obviously invalid, POSIX says that both the argv and envp arguments to execve are arrays of character pointers, NULL is not an array of character pointers 2) the crash is in /bin/true, not in glibc: (gdb) bt #0 0x00007ffff7af12ea in strrchr () from /lib64/libc.so.6 #1 0x00000000004012fe in set_program_name (argv0=0x0) at progname.c:44 #2 0x0000000000401233 in main (argc=0, argv=0xffffffff) at true.c:58 set_program_name is a coreutils function and obviously calling strrchr with NULL argument segfaults. Oh, I didn't know execve() does not accept NULL parameters. I thought NULL is acceptable because do_execve() (in kenrel) checks for NULL parameters. Thank you. |
Description of problem: execve() with NULL parameters causes segmentation fault. Version-Release number of selected component (if applicable): kernel 2.6.29.1-111.fc11.i686.PAE glibc-2.9.90-22.i686 How reproducible: 100% Steps to Reproduce: 1. Compile below program and run. ----- #include <unistd.h> int main(int argc, char *argv[]) { execve("/bin/true", NULL, NULL); return 0; } ----- Actual results: Segmentation fault happens. Expected results: Prints nothing. Additional info: