On Tue, 2017-01-31 at 14:23 +0100, Christian Seiler wrote: > On 01/31/2017 11:15 AM, Mathieu Malaterre wrote: > > I'd like to discuss addition of a new lintian checks for > > getenv/setenv/putenv used in shared libraries. > > Why getenv() though? It just reads the environment. > > From what you link yourself: > > The getenv and secure_getenv functions can be safely used in > > multi-threaded programs. [...]
But it returns a pointer to the value, which might be freed by another thread before it is used. If there were a reader function that copied the value to a caller-provided buffer, it could be properly thread- safe. (The C library could also make getenv() thread-safe by maintaining a per-thread cache of the environment and returning a pointer into that. But portable software still couldn't assume this.) Ben. -- Ben Hutchings It is easier to write an incorrect program than to understand a correct one.
signature.asc
Description: This is a digitally signed message part