On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still,
> if one does this:
> 
>       char *cp = strdup("FOO=bar");
>       putenv(cp);
>       ...
>       setenv("FOO", "baz");

cp value is undefined right here and can't be safely printed afterwards. 
Anything can happen at printf, including a core dump.

>       ...
>       setenv("FOO", "really_long_string");
>       ...
>       printf("FOO: %s\n", cp + 4);
> 
> You are going to get 'baz' in the printf output.  Or if one does:
> 
>       char *cp = strdup("FOO=bar");
>       putenv(cp);
>       ...
>       setenv("FOO", "really_long_string");

Again, cp value is undefined right here and can't be safely printed 
afterwards. 

>       ...
>       strcpy(cp + 4, "baz");
>       ...
>       printf("FOO: %s\n", getenv("FOO"));
> 
> You are going to get 'really_long_string' in the printf output, and not 'baz'.

-- 
http://ache.pp.ru/
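
The sequence discussed above, as an added example that is not part of the original thread: it replays putenv() followed by two setenv() calls, but reads the variable only through a fresh getenv() copy and never through the pointer handed to putenv(). The helper names `env_snapshot`, `set_and_check` and `replay_sequence` are hypothetical, the strings are constructed, and the standard three-argument setenv(3) form is used.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: private heap copy of NAME's current value,
 * or NULL if unset or out of memory. The caller frees it. */
static char *env_snapshot(const char *name)
{
    const char *v = getenv(name);
    return v ? strdup(v) : NULL;
}

/* Set NAME to VALUE, then confirm via a fresh getenv() that the
 * environment holds exactly VALUE. Returns 1 on match, 0 otherwise. */
static int set_and_check(const char *name, const char *value)
{
    char *snap;
    int match;

    if (setenv(name, value, 1) != 0)
        return 0;
    snap = env_snapshot(name);
    match = snap != NULL && strcmp(snap, value) == 0;
    free(snap);
    return match;
}

/* Replays the thread's sequence. Returns 0 if every read matched. */
int replay_sequence(void)
{
    static char initial[] = "FOO=bar"; /* constructed; must outlive putenv() */

    if (putenv(initial) != 0)
        return -1;
    /* After the first setenv(), `initial` is never read or written again:
     * whether it still backs FOO depends on the libc. */
    if (!set_and_check("FOO", "baz"))
        return 1;
    if (!set_and_check("FOO", "really_long_string"))
        return 2;
    return 0;
}

int main(void)
{
    printf("replay_sequence() = %d\n", replay_sequence());
    return 0;
}
```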