6565 pargs crashes on growing env
@@ -82,10 +82,11 @@
iconv_t pd_iconv; /* iconv conversion descriptor */
size_t pd_argc;
uintptr_t *pd_argv;
char **pd_argv_strs;
size_t pd_envc;
+ size_t pd_envc_curr;
uintptr_t *pd_envp;
char **pd_envp_strs;
size_t pd_auxc;
auxv_t *pd_auxv;
char **pd_auxv_strs;
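Review bot: The new `pd_envc_curr` field is the only one in this run without a trailing comment, and its relationship to `pd_envc` (one is a running counter, the other the size the arrays were allocated for) is not obvious from the names. I would add `size_t pd_envc_curr; /* env count pd_envp/pd_envp_strs were sized for */` so a reader of the struct knows which of the two bounds the arrays. The enclosing struct definition starts and ends outside this hunk.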
@@ -632,10 +633,14 @@
build_env(void *data, struct ps_prochandle *pr, uintptr_t addr, const char *str)
{
pargs_data_t *datap = data;
if (datap->pd_envp != NULL) {
+ /* env has more items than last time, skip the newer ones */
+ if (datap->pd_envc > datap->pd_envc_curr)
+ return (0);
+
datap->pd_envp[datap->pd_envc] = addr;
if (str == NULL)
datap->pd_envp_strs[datap->pd_envc] = NULL;
else
datap->pd_envp_strs[datap->pd_envc] = strdup(str);
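Review bot: The guard added at the top of the `pd_envp != NULL` branch is off by one: the arrays are allocated with `pd_envc_curr` elements, so the valid indexes are `0 .. pd_envc_curr - 1`, but the check only returns when `pd_envc > pd_envc_curr`, which lets the callback that arrives with `pd_envc == pd_envc_curr` still store through `pd_envp[pd_envc]` and `pd_envp_strs[pd_envc]` one element past the end. That is exactly the "environment grew by one entry" case this commit is meant to handle, and it is still a heap overrun. The fix is `if (datap->pd_envc >= datap->pd_envc_curr)`; assuming the counter is incremented after the branch (that code is outside the hunk), this also keeps the final `pd_envc` from exceeding the allocated size for whatever iterates the arrays later. build_env's body continues past this hunk.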
@@ -651,10 +656,11 @@
{
struct ps_prochandle *pr = datap->pd_proc;
datap->pd_envc = 0;
(void) Penv_iter(pr, build_env, datap);
+ datap->pd_envc_curr = datap->pd_envc;
datap->pd_envp = safe_zalloc(sizeof (uintptr_t) * datap->pd_envc);
datap->pd_envp_strs = safe_zalloc(sizeof (char *) * datap->pd_envc);
datap->pd_envc = 0;
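Review bot: The assignment `datap->pd_envc_curr = datap->pd_envc;` records the count the two `safe_zalloc` calls below are sized from, but nothing here says so, and the second reset of `pd_envc` to 0 only makes sense once the reader knows a second `Penv_iter` pass repopulates the arrays. I would put a comment above the assignment along the lines of `/* Size the arrays from the first pass; a target whose environment grows before the second pass must not write past this count. */`. It is also worth noting in that comment that the scheme assumes the target is held stopped between the two passes, since otherwise the environment can change arbitrarily; I cannot tell from this hunk whether the caller guarantees that. The enclosing function's signature and its second iteration call are outside this hunk.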