Package: make
Version: 4.3-4.1
Severity: normal
Tags: upstream

Dear Maintainer,

When running make with an environment entry without a "=" (equal) character, make crashes with a segmentation fault without executing anything.

The crash occurs here:
https://sources.debian.org/src/make-dfsg/4.3-4.1/src/main.c/#L1362

      while (! STOP_SET (*ep, MAP_EQUALS))
        ++ep;

"ep" contains the environment variable; if it does not contain a "=" character, the loop will go past the end of the memory pointed to by "ep", leading to a segfault.

This can be reproduced with this small test:

-----------
$ cat testmake.c
#include <unistd.h>

int main()
{
    char *arg[] = { "/usr/bin/make", (char *)0 };
    char *env[] = {
        "HOME=/tmp",
        "LOGNAME=home",
        /* this is the empty entry causing the crash: */
        "",
        (char *)0
    };
    execve("/usr/bin/make", arg, env);
    return 0;
}
$ gcc testmake.c -o testmake
$ ./testmake
Erreur de segmentation
-----------

This issue was encountered with an older make version called by a proprietary Java program (WindRiver vxWorks).

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (950, 'unstable'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf, armel

Kernel: Linux 6.1.0-7-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages make depends on:
ii  libc6  2.36-9

make recommends no packages.

Versions of packages make suggests:
pn  make-doc  <none>

-- no debconf information

-- 
Alexis Murzeau
PGP: B7E6 0EBB 9293 7B06 BDBC 2787 E7BD 1904 F480 937F
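An added example, not part of the original report and not GNU make's own code: a scan for the "=" separator that stops at the terminating NUL, so the empty entry from the reproducer is skipped instead of being read past. The names `env_equals` and `count_valid_env` are hypothetical, and skipping malformed entries is an assumed policy for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return a pointer to the '=' in a "NAME=value" entry, or NULL when the
   entry has no '='. strchr() stops at the terminating NUL, so an entry
   such as "" is never scanned beyond its own storage. */
static const char *env_equals(const char *entry)
{
    return strchr(entry, '=');
}

/* Walk a NULL-terminated envp array and count the well-formed entries.
   Malformed entries (no '=') are skipped; that policy is an assumption
   of this example. */
static size_t count_valid_env(char *const envp[])
{
    size_t n = 0;
    for (char *const *ep = envp; *ep != NULL; ++ep) {
        if (env_equals(*ep) != NULL)
            ++n;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: the same environment as the reproducer above. */
    char *env[] = { "HOME=/tmp", "LOGNAME=home", "", NULL };

    for (char **ep = env; *ep != NULL; ++ep) {
        const char *eq = env_equals(*ep);
        if (eq == NULL)
            printf("skipped malformed entry: \"%s\"\n", *ep);
        else
            printf("name length %zu: %s\n", (size_t)(eq - *ep), *ep);
    }
    printf("valid entries: %zu\n", count_valid_env(env));
    return 0;
}
```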