Re: [PATCH] Memory leak, at src/common/exec.c

On 12/16/19 1:22 PM, Ranier Vilela wrote:
> Hi,
> On exec.c, have two memory leaks, and a possible access beyond heap bounds, the patch tries to fix them.
> According to documentation at:
> https://en.cppreference.com/w/c/experimental/dynamic/strdup
> "The returned pointer must be passed to free to avoid a memory leak."

Please see the man page for putenv. Are you certain it is safe to
free the string passed to putenv after putenv returns? I think this
may be implemented differently on various platforms.

Taken from `man putenv`:

"NOTES
The putenv() function is not required to be reentrant, and the
one in glibc 2.0 is not, but the glibc 2.1 version is.

Since version 2.1.2, the glibc implementation conforms to
SUSv2: the pointer string given to putenv() is used. In particular,
this string becomes part of the environment; changing it later will
change the environment. (Thus, it is an error is to call
putenv() with an automatic variable as the argument, then return from
the calling function while string is still part of the environment.)
However, glibc versions 2.0 to 2.1.1 differ: a copy of the
string is used. On the one hand this causes a memory leak, and on the
other hand it violates SUSv2.

The 4.4BSD version, like glibc 2.0, uses a copy.

SUSv2 removes the const from the prototype, and so does glibc 2.1.3.
"

--
Mark Dilger