Bug 498557 - execve() with NULL parameters causes segmentation fault
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware/OS: All Linux
Priority: low, Severity: medium
Assigned To: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-05-01 00:55 EDT by Tetsuo Handa
Modified: 2009-05-01 03:07 EDT
Doc Type: Bug Fix
Last Closed: 2009-05-01 02:44:13 EDT

Description Tetsuo Handa 2009-05-01 00:55:29 EDT
Description of problem:
execve() with NULL parameters causes segmentation fault.

Version-Release number of selected component (if applicable):
kernel 2.6.29.1-111.fc11.i686.PAE
glibc-2.9.90-22.i686

How reproducible:
100%

Steps to Reproduce:
1. Compile the program below and run it.
-----
#include <unistd.h>
int main(int argc, char *argv[])
{
	execve("/bin/true", NULL, NULL);
	return 0;
}
-----
  
Actual results:
Segmentation fault happens.

Expected results:
Prints nothing.

Additional info:
Comment 1 Jakub Jelinek 2009-05-01 02:44:13 EDT
1) this is obviously invalid, POSIX says that both the argv and envp arguments
   to execve are arrays of character pointers, NULL is not an array of character 
   pointers
2) the crash is in /bin/true, not in glibc:
(gdb) bt
#0  0x00007ffff7af12ea in strrchr () from /lib64/libc.so.6
#1  0x00000000004012fe in set_program_name (argv0=0x0) at progname.c:44
#2  0x0000000000401233 in main (argc=0, argv=0xffffffff) at true.c:58
set_program_name is a coreutils function and obviously calling strrchr with NULL
argument segfaults.
Comment 2 Tetsuo Handa 2009-05-01 03:07:44 EDT
Oh, I didn't know execve() does not accept NULL parameters.
I thought NULL is acceptable because do_execve() (in kernel) checks for NULL
parameters.
Thank you.
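
A defensive version of both sides of this report, as an added example that is not part of the original bug, coreutils or glibc: the callee checks `argc`/`argv[0]` before calling `strrchr`, and the caller rejects the NULL `argv` before any exec. `safe_program_name` and `execve_checked` are hypothetical helper names, and turning a NULL `envp` into an empty environment is a choice made for this sketch.

```c
/* Added example: constructed for illustration, not coreutils or glibc code. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Callee side: derive a display name without trusting argc/argv.
 * A caller can start us with argc == 0 and argv[0] == NULL, as the
 * backtrace in comment 1 shows (argv0=0x0), so check before strrchr(). */
const char *safe_program_name(int argc, char *const argv[], const char *fallback)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return fallback;
    const char *slash = strrchr(argv[0], '/');
    /* "dir/" has nothing after the slash; keep the whole string then. */
    return (slash != NULL && slash[1] != '\0') ? slash + 1 : argv[0];
}

/* Caller side (hypothetical wrapper): refuse the invalid call instead of
 * handing the new program an empty argument vector.
 * Returns -1 with errno = EINVAL for a NULL path, NULL argv or NULL argv[0];
 * otherwise behaves like execve(). Assumption of this sketch: a NULL envp
 * is replaced by an empty, NULL-terminated environment array. */
int execve_checked(const char *path, char *const argv[], char *const envp[])
{
    static char *const empty_env[] = { NULL };
    if (path == NULL || argv == NULL || argv[0] == NULL) {
        errno = EINVAL;
        return -1;
    }
    return execve(path, argv, envp != NULL ? envp : empty_env);
}

int main(int argc, char *argv[])
{
    (void)safe_program_name(argc, argv, "demo");
    /* The reproducer's call is rejected here, before any exec happens. */
    if (execve_checked("/bin/true", NULL, NULL) == -1 && errno == EINVAL) {
        char *const args[] = { "true", NULL };
        execve_checked("/bin/true", args, NULL);  /* well-formed retry */
    }
    return 1;  /* reached only if the exec itself failed */
}
```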
