Bug 498557
| Field | Value |
|---|---|
| Summary | execve() with NULL parameters causes segmentation fault |
| Product | [Fedora] Fedora |
| Component | glibc |
| Version | rawhide |
| Hardware | All |
| OS | Linux |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | low |
| Reporter | Tetsuo Handa <penguin-kernel> |
| Assignee | Jakub Jelinek <jakub> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | jakub |
| Doc Type | Bug Fix |
| Last Closed | 2009-05-01 06:44:13 UTC |

Description
Tetsuo Handa
2009-05-01 04:55:29 UTC
1) this is obviously invalid, POSIX says that both the argv and envp arguments to execve are arrays of character pointers, NULL is not an array of character pointers

2) the crash is in /bin/true, not in glibc:

```
(gdb) bt
#0  0x00007ffff7af12ea in strrchr () from /lib64/libc.so.6
#1  0x00000000004012fe in set_program_name (argv0=0x0) at progname.c:44
#2  0x0000000000401233 in main (argc=0, argv=0xffffffff) at true.c:58
```

set_program_name is a coreutils function and obviously calling strrchr with NULL argument segfaults.

Oh, I didn't know execve() does not accept NULL parameters. I thought NULL is acceptable because do_execve() (in kernel) checks for NULL parameters. Thank you.
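
The two sides of the problem discussed in this report, as an added example (not code from the bug report, glibc, or coreutils): a callee that tolerates a missing `argv[0]` instead of passing NULL to `strrchr()`, and a caller that gives `execve()` real NULL-terminated arrays. The names `safe_program_name`, `check_start_vector`, `exec_with_minimal_vectors` and `FALLBACK_NAME` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FALLBACK_NAME "unknown"   /* hypothetical name, not from coreutils */

/* Callee side: basename of argv0, never handing NULL to strrchr(). */
const char *safe_program_name(const char *argv0)
{
    if (argv0 == NULL || argv0[0] == '\0')
        return FALLBACK_NAME;
    const char *slash = strrchr(argv0, '/');
    /* Keep the whole string when nothing follows the last slash. */
    if (slash != NULL && slash[1] != '\0')
        return slash + 1;
    return argv0;
}

/* Callee side: 0 if argv[0] can be used, -1 for the argc=0 / NULL case. */
int check_start_vector(int argc, char *const argv[])
{
    if (argv == NULL || argc < 1 || argv[0] == NULL)
        return -1;
    return 0;
}

/* Caller side: pass real NULL-terminated arrays instead of NULL pointers.
 * Returns only if execve() fails. */
int exec_with_minimal_vectors(const char *path)
{
    char *const argv[] = { (char *)path, NULL };
    char *const envp[] = { NULL };
    return execve(path, argv, envp);
}

int main(int argc, char **argv)
{
    if (check_start_vector(argc, argv) != 0) {
        fprintf(stderr, "%s: started without argv[0]\n",
                safe_program_name(NULL));
        return 2;
    }
    printf("program name: %s\n", safe_program_name(argv[0]));
    fflush(stdout);                 /* flush before the image is replaced */
    if (argc > 1)                   /* optional: path of a program to exec */
        return exec_with_minimal_vectors(argv[1]) == 0 ? 0 : 1;
    return 0;
}
```

Run with no arguments it prints its own basename; given a path such as `/bin/true` as the first argument, it executes that program with a valid one-element argv and an empty envp.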