IRC channel logs

2023-04-08.log

back to list of logs

<old>eh I have a very weird behavior of guile
<old>where I do a (environ (list ...)) followed by a (setenv key value)
<old>sometime values in (environ) disapear
<old>I fix this by doing: (environ (cons "key=value" (list ...)))
<old>this seems to be after a GC ..
<old>I have a minial reproducer
<old>this is super weird
<old>can someone try it ?
<old> https://paste.sr.ht/~old/ee09c33a57bd9c5803740215024a63c4de2cb57e
<old>should get a line: In execvp of ls: No such file or directory
<old>the bug is not in 2.2.7
<old>but in 3.0.7 and 3.0.9
<haugh>not in 3.0.5 either, fwiw
<old>hmm okay
<old>I have a backtrace
<old>seems like the GC think that strings in environ can be reeused
<old>so it get trashed
<old>this is a high risk of vulnerability
<old>anything could be put in environ
<old>I think that `putenv' in libc somehow realloc environ on a putenv call
<old>Guile set environ to be a scm_gc_malloc pointer which has GC allocated pointer in it
<old>Since glibc change the environ pointer, Guile start garbage collecting the string pointer that was in environ, since there's no reference to them
<old>However, glibc did memcpy them into the new environ, so there's dangling pointers
<old>yup that what's happening. libc is setting anew pointer in environ while copying the pointer owned by Guile
<dsmith>old, Nice find
<cow_2001>i end up importing a ton of stuff from guile when using r7rs ~_~
<dsmith>sneek, nickometer ]
<dsmith>!nickometer ]
<sneek>"]" is 15.66% lame, because 1 unbalanced bracket, 1 extraneous symbol
<singpolyma>!nickometer 💐🌹🥀🌷🌺🌸🏵️🌻🌼💮
<sneek>"\U01f490\U01f339\U01f940\U01f337\U01f33a\U01f338\U01f3f5️\U01f33b\U01f33c\U01f4ae" is 99.99% lame, because 11 consecutive non-alphas, 11 extraneous symbols
<sudden>!nickometer sudden
<sneek>"sudden" is 0% lame
<old>dsmith: I wonder what is the correct fix for that
<old>The obvious solution would be to only use the setenv/putenv/unsetenv/clearenv as defined by POSIX
<old>and to not use any Guile pointers in environ
<old>I'm not sure, gotta read the spec about what happen to these string in libc
<dsmith>Wow! The bothandled unicode nicely without crashing.
<dsmith>old, I'm not up on all the subtleties of the GC, but there is probably a way to tell it not to mess with the environment.
<old>looking a glibc code, strings allocated with setenv are never freed from memory
<old>awesome leak
<old>not only that, but glibc internally protect the access to the `environ' with a mutex.
<old>Guile simply overwrite that pointer. This is undefined behavior
<old>did not know that these function were so bad optimized
<old>even copying environ is actually undefined behavior on multi-threading
<old>ehh this is a pain
<old>sent a patch for it