On Mon, 11 Nov 2024 at 14:37, Dmitry Frolov <[email protected]> wrote:
> "int main(int argc, char **argv, char** envp)" is non-standard
> Microsoft's extension of the C language and it's not portable.
> In my particular case (Debian 13, clang-16) this raises wild-pointer
> dereference with ASAN message "heap-use-after-free".
...
>          qos_printf("ENVIRONMENT VARIABLES: {\n");
> -        for (char **env = envp; *env != 0; env++) {
> +        for (char **env = environ; *env != 0; env++) {
>              qos_printf("\t%s\n", *env);
>          }
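Review bot: the replacement loop reads `environ`, but the quoted lines show neither an `extern char **environ;` declaration (or a header that provides one) nor whether the now-unused `envp` parameter is dropped from `main`; both are worth confirming in the full patch. The commit message should also say what modifies the environment between entry to `main` and this loop, since a loop that only prints `*env` does not by itself account for a heap-use-after-free report.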

* For heap-use-after-free, there needs to be a free(*env) call
somewhere. In the 'tests/qtest/qos-test.c' file, I couldn't see
environment variables being free'd anywhere. The above loop is only
printing them. The following small test.c did not reproduce the
'heap-use-after-free' error.
===
#include <stdio.h>
int
main(int argc, char *argv[], char **envp)
{
    int n = 0;
    for (char **p = envp; *p != 0; p++) {
        printf("environ[%d]: %s\n", n++, *p);
    }
    return 0;
}
$ cc -xc -o test test.c -lasan
===

* While the patch is okay, it is not clear why it fixes the
wild-pointer dereference and "heap-use-after-free" errors.

Thank you.
---
  - Prasad

