@@ -1,3 +1,8 @@
+2015-03-11 Paul Eggert <eggert@cs.ucla.edu>
+
+ * stdlib/setenv.c (__add_to_environ):
+ Dump core quickly if setenv (..., NULL, ...) is called.
+
2015-03-11 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #18043]
@@ -115,7 +115,13 @@ __add_to_environ (name, value, combined, replace)
char **ep;
size_t size;
const size_t namelen = strlen (name);
- const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
+ size_t vallen;
+
+ /* Test COMBINED, not VALUE, since VALLEN is needed only if COMBINED
+ is non-null. Also, testing COMBINED causes setenv (..., NULL, ...)
+ to dump core quickly instead of corrupting memory. */
+ if (combined != NULL)
+ vallen = strlen (value) + 1;
LOCK;
On 03/11/2015 11:26 AM, Paul Pluzhnikov wrote: > Where does it say that NULL name is allowed? It doesn't. But that's the FreeBSD behavior. FreeBSD setenv (..., NULL, ...) dumps core quickly because it calls strlen (NULL). How about if we do the same? It should be just as fast as what we do now, and it's safer and more compatible. Something like the attached untested patch, say.