Date: Wed, 22 Apr 2015 22:52:09 -0700 From: Isaac Dunham <ibid.ag@...il.com> To: musl@...ts.openwall.com Subject: Re: setenv if value=NULL, what say standard? Bug? On Thu, Apr 23, 2015 at 02:35:15AM +0200, Laurent Bercot wrote: > On 23/04/2015 02:08, Jean-Marc Pigeon wrote: > >My guess, glibc code is 'blindly" setting the NULL (as "") > >value to the variable. > > > >Is the standard saying otherwise, or do we have a > >a real bug in setenv?? > > The standard at > http://pubs.opengroup.org/onlinepubs/9699919799/functions/setenv.html > says... > > ... exactly nothing about the possibility of envval being NULL. > This is, in the strictest sense, UB. :) > > Actually, it says "The environment variable shall be set to the value > to which envval points." So, arguably, envval should point to something, > and since NULL does not, it is forbidden. Another valid interpretation > could be that envvar is set to the value to which envval points, i.e. > no value at all, so it is unset; but it doesn't fit the spirit of > setenv() to unset variables. The glibc interpretation, if it does what > you think it does, is wrong in any case: the empty string is a very > different thing from no value at all. > > I think the only safe conclusion is that the application is incorrect > and should ensure that setenv() is never called with a NULL value. I happen to have just reread http://www.tedunangst.com/flak/post/zero-size-objects which has this little bit of information: The C standard has this to say in the section on “Use of library functions”. If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, [...]) [...], the behavior is undefined. The section on “String function conventions” clarifies further. Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values. In other words, passing a NULL pointer is undefined behavior unless spelled out to the contrary, even if a good implementation would have no reason to follow it. Now, setenv() is part of POSIX rather than ISO C, and thus has its own rules, but ISO C is the foundation. As to the question of what's the "right" thing to do, consider these two function calls: setenv("OTHERVAL", getenv("SOMEVAL"), 1); strcmp(getenv("OTHERVAL"), getenv("OTHERVAL")); It should be obvious that the second is incorrect. But it's easy to arrive there if the former is accepted. So I've sent a patch for this to the util-linux list. Thanks, Isaac Dunham
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.