mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-24 10:22:41 +08:00
f83bb9b8e9
GLIBC execl{e,p} implementation might use malloc if the total number of arguments exceed initial assumption size (1024). This might lead to issues in two situations: 1. execl/execle is stated to be async-signal-safe by POSIX [1]. However if execl is used in a signal handler with a large argument set (that may call malloc internally) and if the resulting call fails it might lead malloc in the program in a bad state. 2. If the functions are used in a vfork/clone(VFORK) situation it also might issue malloc internal bad state. This patch fixes it by using stack allocation instead. It also fixes BZ#19534. Tested on x86_64. [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html [BZ #19534] * posix/execl.c (execl): Remove dynamic memory allocation. * posix/execle.c (execle): Likewise. * posix/execlp.c (execlp): Likewise.
60 lines
1.8 KiB
C
60 lines
1.8 KiB
C
/* Copyright (C) 1991-2016 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; if not, see
|
|
<http://www.gnu.org/licenses/>. */
|
|
|
|
#include <unistd.h>
|
|
#include <stdarg.h>
|
|
#include <errno.h>
|
|
#include <sys/param.h>
|
|
|
|
/* Execute PATH with all arguments after PATH until a NULL pointer,
|
|
and the argument after that for environment. */
|
|
int
|
|
execle (const char *path, const char *arg, ...)
|
|
{
|
|
ptrdiff_t argc;
|
|
va_list ap;
|
|
va_start (ap, arg);
|
|
for (argc = 1; va_arg (ap, const char *); argc++)
|
|
{
|
|
if (argc == INT_MAX)
|
|
{
|
|
va_end (ap);
|
|
errno = E2BIG;
|
|
return -1;
|
|
}
|
|
}
|
|
va_end (ap);
|
|
|
|
/* Avoid dynamic memory allocation due two main issues:
|
|
1. The function should be async-signal-safe and a running on a signal
|
|
handler with a fail outcome might lead to malloc bad state.
|
|
2. It might be used in a vfork/clone(VFORK) scenario where using
|
|
malloc also might lead to internal bad state. */
|
|
ptrdiff_t i;
|
|
char *argv[argc + 1];
|
|
char **envp;
|
|
va_start (ap, arg);
|
|
argv[0] = (char *) arg;
|
|
for (i = 1; i <= argc; i++)
|
|
argv[i] = va_arg (ap, char *);
|
|
envp = va_arg (ap, char **);
|
|
va_end (ap);
|
|
|
|
return __execve (path, argv, envp);
|
|
}
|
|
libc_hidden_def (execle)
|