From: Ludovic Courtès
Newsgroups: gmane.lisp.guile.bugs
Subject: bug#62729: [PATCH] Fix dangling pointers in `environ'
Date: Sun, 16 Jul 2023 22:18:54 +0200
Message-ID: <87sf9nr4nl.fsf@gnu.org>
References: <20230408204801.10408-1-olivier.dion@polymtl.ca>
In-Reply-To: <20230408204801.10408-1-olivier.dion@polymtl.ca> (Olivier Dion's message of "Sat, 8 Apr 2023 16:48:01 -0400")
To: Olivier Dion
Cc: 62729-done@debbugs.gnu.org, Olivier Dion

Hi Olivier,

Olivier Dion wrote:

> From: Olivier Dion
>
> When calling `environ', Guile set the global variable `environ' to a
> list allocated with the GC. Strings in it are also allocated with the
> GC.
>
> However, if a user calls the Scheme setenv() procedure, the resulting
> call to putenv() in libc might reallocate `environ' to a new pointer
> while copying sub-pointers owned by Guile in it.
>
> This results in the GC marking these strings for reclamation when they
> are actually still present in `environ'. Thus, the values in the
> environment are now undefined.
>
> To fix this, Guile should only manipulate the `environ' using the
> standard libc functions. This ensures that concurrent modification of
> it is safe in a multi-threaded program. Therefore, the procedure
> `environ' now calls the libc clearenv() procedure to purge the
> environment. Then, the desired values are put in `environ' using
> scm_putenv(). At the end, no GC allocated memory is put in `environ'.
>
> Also, since `environ' can be changed at any time in a multi-thread
> program, emit a warning stipulating that the result is undefined
> behavior if multiple threads are created in the program. Consider for
> example a thread iterating over `environ' while another one does a call to
> putenv(). The latter would do a realloc() on `environ' and thus the old
> array read by the former now contains garbage.
>
> On systems where clearenv() is not present, an atomic store of NULL with
> sequential consistency to `environ' should be sufficient but see the
> NOTES of clearenv(3).
>
> * libguile/posix.c (scm_environ): Do not store GC allocated memory in
> environ.

Thanks for the clear explanation and patch.

Finally applied with an added comment in the code.

Ludo’.
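
Added example (not part of the original message and not Guile's code): a C sketch of the ownership problem the quoted commit message describes, next to the clearenv()-then-copy rebuild it proposes. The function names and the DEMO_A/DEMO_B entries are constructed for illustration; setenv() is used here as the copying libc call, and clearenv() is assumed to be available (glibc).

```c
#define _GNU_SOURCE 1   /* clearenv() and strndup() on glibc */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;
/* 1 if an environ slot points into [buf, buf+len), memory the caller owns. */
static int environ_points_into(const char *buf, size_t len) {
    uintptr_t lo = (uintptr_t) buf, hi = lo + len;
    for (char **e = environ; e && *e; e++)
        if ((uintptr_t) *e >= lo && (uintptr_t) *e < hi) return 1;
    return 0;
}

/* putenv() stores the caller's pointer; a later write changes the environment. */
int putenv_aliases_caller(void) {
    static char buf[] = "DEMO_A=one";         /* constructed entry */
    if (putenv(buf) != 0) return -1;
    memcpy(buf + 7, "two", 3);                /* caller reuses its buffer */
    return environ_points_into(buf, sizeof buf) && !strcmp(getenv("DEMO_A"), "two");
}

/* Rebuild from "NAME=value" strings so libc owns every byte: clearenv()
   drops the old array, setenv() copies both name and value. */
int rebuild_env_with_copies(char *const *entries, size_t n) {
    if (clearenv() != 0) return -1;
    for (size_t i = 0; i < n; i++) {
        const char *eq = strchr(entries[i], '=');
        if (eq == NULL || eq == entries[i]) return -1;    /* malformed entry */
        char *name = strndup(entries[i], (size_t) (eq - entries[i]));
        int rc = name ? setenv(name, eq + 1, 1) : -1;
        free(name);
        if (rc != 0) return -1;
    }
    return 0;
}

/* src stands in for collector-owned memory: it is overwritten and freed,
   and the environment must not notice. */
int rebuilt_env_survives_reclaim(void) {
    char *src = strdup("DEMO_B=kept");        /* constructed entry */
    if (src == NULL || rebuild_env_with_copies(&src, 1) != 0) { free(src); return -1; }
    int aliased = environ_points_into(src, strlen(src) + 1);
    memset(src, 'X', strlen(src));
    free(src);
    const char *v = getenv("DEMO_B");
    return !aliased && v != NULL && strcmp(v, "kept") == 0;
}

int main(void) { return !(putenv_aliases_caller() == 1 && rebuilt_env_survives_reclaim() == 1); }
```

Neither path makes concurrent readers of `environ' safe; the multi-thread caveat in the commit message still applies.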