Re: [PATCH] Memory leak, at src/common/exec.c

On 12/16/19 1:22 PM, Ranier Vilela wrote:
> Hi,
> On exec.c, have two memory leaks, and a possible access beyond heap bounds, the patch tries to fix them.
> According to documentation at:
> https://en.cppreference.com/w/c/experimental/dynamic/strdup
> "The returned pointer must be passed to free to avoid a memory leak."

Please see the man page for putenv.  Are you certain it is safe to
free the string passed to putenv after putenv returns?  I think this
may be implemented differently on various platforms.

Taken from `man putenv`:

"NOTES
        The putenv() function is not required to be reentrant, and the 
one in glibc 2.0 is not, but the glibc 2.1 version is.

        Since  version  2.1.2,  the  glibc  implementation  conforms to 
SUSv2: the pointer string given to putenv() is used.  In particular, 
this string becomes part of the environment; changing it later will
        change the environment.  (Thus, it is an error is to call 
putenv() with an automatic variable as the argument, then return from 
the calling function while string is still  part  of  the  environment.)
        However, glibc versions 2.0 to 2.1.1 differ: a copy of the 
string is used.  On the one hand this causes a memory leak, and on the 
other hand it violates SUSv2.

        The 4.4BSD version, like glibc 2.0, uses a copy.

        SUSv2 removes the const from the prototype, and so does glibc 2.1.3.
"

-- 
Mark Dilger