zukatsinadze added inline comments.
================
Comment at: clang/docs/analyzer/checkers.rst:2103-2104
+ puts(envp[i]);
+ // envp may no longer point to the current environment
+ // this program has unanticipated behavior.
+ }
----------------
Charusso wrote:
> NoQ wrote:
> > It's very important to explain whether the "unanticipated behavior" is an
> > entirely psychological concept ("most people don't understand how this
> > works but this can occasionally also be a valid solution if you know what
> > you're doing") or a 100% clear indication of a bug ("such code can never be
> > correct", eg. it instantly causes undefined behavior, or the written value
> > can never be read later so there's absolutely no point in writing it, or
> > something like that).
> The standard terminology is very vague, like that:
> ```
> The getenv function returns a pointer to a string associated with the matched
> list member. The string pointed to shall not be modified by the program but
> may be overwritten by a subsequent call to the getenv function.
> ```
> What the hell. 😕 I think it is about table-doubling and reallocating the
> entire environment pointer table at some point which makes sense in case of
> the non-getter function calls. For the getters I think another processes
> could overwrite the `environ` pointer between two getter calls and problem
> could occur because of such table-doubling. To resolve the issue we need to
> call `strdup()` and create a copy of the current environment entry instead of
> having a pointer to it as I see.
>
> @zukatsinadze it would be great to see a real reference with real issues in
> real world software. Is the true evil the multiple chained getter calls?
>
> it would be great to see a real reference with real issues in real world
> software
I've attached some results up in the thread. Checker gave several valuable
reports on several projects if that's what you mean.
> Is the true evil the multiple chained getter calls?
Besides SEI CERT, there are many other reputable resources stating the same
problem with getenv.
https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.bpxbd00/getenv.htm
https://www.keil.com/support/man/docs/armlib/armlib_chr1359122850667.htm
https://pubs.opengroup.org/onlinepubs/009696799/functions/getenv.html
https://pubs.opengroup.org/onlinepubs/7908799/xsh/getenv.html
https://www.gnu.org/software/libc/manual/html_node/Environment-Access.html
https://man7.org/linux/man-pages/man3/getenv.3p.html
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D97699/new/
https://reviews.llvm.org/D97699
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
