On Wed, 22 Sep 2004 12:41:24 +0100, Joe Orton <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 22, 2004 at 06:49:03AM -0400, Jeff Trawick wrote:
> > On Wed, 22 Sep 2004 09:51:07 +0100, Joe Orton <[EMAIL PROTECTED]> wrote:
> > > I don't think anyone was aware that this problem could cause
> > > segfaults...
> >
> > true, though I saw a report of a crash in that same piece of code long
> > ago, probably from the same user, and never could explain it; I think
> > "compiler bug" is at least as likely the cause as anything else
>
> The code currently ends up calling execve() with a NULL envp pointer in
> 2.0, by my reading. That doesn't look like clearly defined behaviour
> (everything talks about envp being a NULL-terminated array) so it's not
> entirely surprising that some libc segfaults in that case.
cool, now I remember what to query for; see PR 25103 and my patch there to make sure we don't pass NULL there but instead that we pass an empty envp; the patch didn't fix the segfault, and I'd think exec* would return EFAULT anyway if bad data was passed in
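The distinction discussed above, a NULL envp pointer versus an empty but NULL-terminated envp array, is easy to get wrong in fork/exec wrappers. The following is an added example, not code from httpd or from the patch in PR 25103: a small normalising wrapper (the names normalize_envp, envp_count and run_with_envp are this example's own) that guarantees execve() only ever sees a valid NULL-terminated array, plus a check that the child really starts with the environment it was given. /bin/sh is assumed to exist; the shell script in main() is constructed for the demonstration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* An empty environment is NOT a NULL pointer: it is an array whose
 * first (and only) element is the terminating NULL. */
static char *const empty_envp[] = { NULL };

/* Map a NULL envp to the empty array so execve() always gets what
 * POSIX describes: a NULL-terminated array of "NAME=value" strings. */
char *const *normalize_envp(char *const envp[])
{
    return envp != NULL ? envp : empty_envp;
}

/* Count entries in a NULL-terminated envp; NULL counts as zero
 * entries rather than being dereferenced. */
size_t envp_count(char *const envp[])
{
    size_t n = 0;
    char *const *e = normalize_envp(envp);

    while (e[n] != NULL)
        n++;
    return n;
}

/* fork() and execve() `path` with argv/envp, normalising envp first.
 * Returns the child's exit status (0..255), or -1 if fork/waitpid
 * failed or the child did not exit normally.  127 means exec failed. */
int run_with_envp(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Never hand execve() a NULL envp pointer. */
        execve(path, argv, normalize_envp(envp));
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: with envp normalised to empty, MARKER must be
     * unset in the child; with an explicit envp it must be visible. */
    char *const argv_unset[] = { "sh", "-c", "test -z \"$MARKER\"", NULL };
    char *const argv_set[]   = { "sh", "-c", "test \"$MARKER\" = ok", NULL };
    char *const env_set[]    = { "MARKER=ok", NULL };

    int rc_null = run_with_envp("/bin/sh", argv_unset, NULL);
    int rc_set  = run_with_envp("/bin/sh", argv_set, env_set);

    printf("NULL envp normalised to empty: child exit %d\n", rc_null);
    printf("explicit envp with MARKER=ok: child exit %d\n", rc_set);
    return (rc_null == 0 && rc_set == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The point of routing every exec through normalize_envp() is that the caller's intent ("no environment") is expressed in the form the libc actually walks, so the outcome no longer depends on whether a particular libc happens to tolerate a NULL pointer there.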
