Bugzilla – Full Text Bug Listing

| Summary: | The execvp() routine in glibc calls free() with an invalid pointer in unusual circumstances | | |
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Jeff Hollensen <jeff.hollensen> |
| Component: | Basesystem | Assignee: | Thorsten Kukuk <kukuk> |
| Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | meissner |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | x86-64 | | |
| OS: | SuSE Linux 10.0 | | |
| Whiteboard: | | | |
| Found By: | Third Party Developer/Partner | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | posix/execvp.c from glibc-2.3.5-40.src.rpm | | |
This bug is only confusing, I don't know about what you are diffing, but 10.0 does not have this problem.

Created attachment 71266
posix/execvp.c from glibc-2.3.5-40.src.rpm

I'm sorry if I was not clear. The installation containing the problem *is* Suse 10.

    > cat /etc/SuSE-release
    SUSE LINUX 10.0 (X86-64)
    VERSION = 10.0

The version of glibc which contains the execvp() routine is:

    > rpm -q glibc
    glibc-2.3.5-40

The file I "diff"ed is execvp.c from the source rpm glibc-2.3.5-40.src.rpm obtained from a Novell FTP server. I have attached the execvp.c file from that RPM.

glibc-2.3.5-40.src.rpm is the glibc from SUSE Linux 10.0.
The execvp() routine sometimes allocates some space and fills it with PATH information from the confstr() library call.

    size_t len = confstr (_CS_PATH, (char *) NULL, 0);
    path = (char *) malloc (1 + len);
    ...

It iteratively uses this allocated area to locate colon-separated directory paths. If all attempts to exec the filename fail (using the directory paths as prefixes), it frees the path variable at the end of the routine. But, the value passed to the free() call is not the original value allocated -- path is modified in the loop.

Here is a simple diff listing of the original execvp.c file and a corrected file. The execvp.c file came from the following RPM: glibc-2.3.5-40.src.rpm which was retrieved from a Novell FTP site.

91a92 > char * path_buffer = NULL; 98c99 < path = (char *) malloc (1 + len); --- > path = path_buffer = (char *) malloc (1 + len); 112c113 < free (path); --- > free (path_buffer); 194c195 < free (path); --- > free (path_buffer);
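
Review bot: the patch is a context-free normal diff (91a92, 98c99, 112c113, 194c195), so a reader cannot confirm from it that the free (path) calls at 112 and 194 are the only releases of this buffer, or where they sit relative to the loop that advances path; please resend it as a unified diff (diff -u) with file names so the surrounding function is visible. In 98c99 the chained assignment path = path_buffer = (char *) malloc (1 + len); would read more clearly as two statements. The declaration added at 91a92 deserves a short comment saying that path_buffer keeps the original allocation for free() and stays NULL when nothing was allocated, since that NULL initialisation is what makes free (path_buffer) harmless when the malloc at line 99 was not reached.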
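
The ownership pattern the report asks for, as an added example that is not part of the original report and is not glibc code: one pointer owns the allocation and is the only one passed to free(), while a separate cursor walks the colon-separated list. The names search_dirs, try_fn, only_usr_bin and never_found, and the sample directory list used with them, are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not glibc code: try_file() stands in for the exec attempt. */
typedef int (*try_fn)(const char *candidate);

/* Walk a colon-separated list held in a malloc'd buffer. Returns the index of
   the first directory that try_file() accepts, or -1. *drift receives how far
   the walking cursor ended up from the start of the allocation. */
int search_dirs(const char *dirs, const char *file, try_fn try_file,
                ptrdiff_t *drift)
{
    size_t len = strlen(dirs), flen = strlen(file);
    char *buffer = malloc(len + 1);           /* owning pointer: never moved */
    char *candidate = malloc(len + flen + 2); /* room for "dir/file" + NUL */
    int found = -1, index = 0;
    if (buffer == NULL || candidate == NULL) {
        free(buffer);                         /* free(NULL) is a no-op */
        free(candidate);
        return -1;
    }
    memcpy(buffer, dirs, len + 1);
    char *cursor = buffer;                    /* walking pointer: moved freely */
    for (;;) {
        size_t n = strcspn(cursor, ":");      /* length of this entry */
        if (n == 0) {                         /* empty entry: current directory */
            strcpy(candidate, file);
        } else {
            memcpy(candidate, cursor, n);
            candidate[n] = '/';
            strcpy(candidate + n + 1, file);
        }
        if (try_file(candidate)) found = index;
        if (found >= 0 || cursor[n] == '\0') {
            cursor += n;
            break;
        }
        cursor += n + 1;                      /* step past the ':' */
        index++;
    }
    *drift = cursor - buffer;  /* nonzero here means free(cursor) would be invalid */
    free(candidate);
    free(buffer);              /* release the original allocation, not the cursor */
    return found;
}

/* Constructed stand-ins for the exec attempt. */
int only_usr_bin(const char *c) { return strcmp(c, "/usr/bin/ls") == 0; }
int never_found(const char *c) { (void)c; return 0; }
```

With the constructed list ":/bin:/usr/bin", the cursor finishes 14 bytes past the start of the buffer whether or not a match is found, which is the situation in which the report says the original code handed the moved pointer to free().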