Message-Id: <201405141504.s4EF4nQe022116@cgiserv.freebsd.org>
Date: Wed, 14 May 2014 15:04:49 GMT
From: Garrett Cooper <yaneurabeya@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: setenv(
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         189805
>Category:       bin
>Synopsis:       setenv with value == NULL coredumps on FreeBSD
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 15:10:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Wed May 14 15:23:04 UTC 2014
>Originator:     Garrett Cooper
>Release:        11-CURRENT
>Organization:
n/a
>Environment:
FreeBSD fuji-current.local 11.0-CURRENT FreeBSD 11.0-CURRENT #1 c7d920a(atf): Mon Apr 14 22:16:02 PDT 2014     root@fuji-current.local:/usr/obj/usr/src/sys/FUJI  i386
>Description:
One of the tests imported from FreeBSD tests out setenv with value => NULL as it's a requirement of the libcall. FreeBSD coredumps with a segfault on this test because libc (behind the scenes) runs a strcmp on the buffer, which subsequently blows up when trying to analyze the NULL pointer.

value => NULL is undefined per POSIX, so the behavior is implementation dependent, but value is assumed to be a string, not a NULL pointer. It seems like an edge case that could be caught and improved upon as it would be nice if an error was set or at the very least an assert was triggered in setenv when this situation was encountered so the error was localized to the block of code instead of corrupting the stack later on down the line.

Here's what pho and I discovered:

- FreeBSD/OSX segfault.
- Linux succeeds. Subsequent getenvs return NULL.
- NetBSD returns -1/sets EINVAL.

Bruce E weighed in on this, and believes the libcall should always coredump, but he didn't recommend how it should coredump.
>How-To-Repeat:
% /bin/sh
% cat > setenv_segfault.c <<EOF
#include <stdlib.h>

int
main(void)
{

	setenv("somevar", NULL, 0);
	return (0);
}
EOF
% clang -g -Wall -o setenv_segfault setenv_segfault.c
% gdb ./setenv_segfault
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) r
Starting program: /root/setenv_segfault 

Program received signal SIGSEGV, Segmentation fault.
0x2818bd4d in strlen () from /lib/libc.so.7
(gdb) bt
#0  0x2818bd4d in strlen () from /lib/libc.so.7
#1  0x28188a35 in setenv () from /lib/libc.so.7
#2  0x281885b8 in setenv () from /lib/libc.so.7
#3  0x080485c3 in main () at setenv_segfault.c:7
>Fix:
The original proposed fix to just return/set an error is out here: https://github.com/yaneurabeya/freebsd/pull/5 .

>Release-Note:
>Audit-Trail:

From: Garrett Cooper <yanegomi@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org,
 freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: bin/189805: setenv(
Date: Wed, 14 May 2014 08:11:12 -0700

 On May 14, 2014, at 8:10 AM, FreeBSD-gnats-submit@FreeBSD.org wrote:
 
 > Thank you very much for your problem report.
 > It has the internal identification `bin/189805'.
 > The individual assigned to look at your
 > report is: freebsd-bugs.
 >
 > You can access the state of your problem report at any time
 > via this link:
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=189805
 >
 >> Category:       bin
 >> Responsible:    freebsd-bugs
 >> Synopsis:       setenv(
 >> Arrival-Date:   Wed May 14 15:10:00 UTC 2014
 
 Hi,
 	Could someone with GNATS access please fix the synopsis to say “setenv with value == NULL coredumps on FreeBSD”?
 Thanks in advance -_-!
 -Garrett
>Unformatted:
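
Added example, not part of the problem report or of the linked pull request: a caller-side guard that produces the NetBSD-style result listed above (-1 with errno set to EINVAL) on any platform, so a NULL value fails at the call site instead of faulting inside libc. The names checked_setenv and null_value_is_rejected are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L	/* setenv(3)/unsetenv(3) prototypes */
#endif
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical wrapper, not libc code. Rejects arguments that setenv(3)
 * documents as invalid (NULL or empty name, '=' in name) as well as the
 * NULL value that POSIX leaves undefined, before libc ever sees them.
 */
int
checked_setenv(const char *name, const char *value, int overwrite)
{

	if (name == NULL || *name == '\0' || strchr(name, '=') != NULL ||
	    value == NULL) {
		errno = EINVAL;
		return (-1);
	}
	return (setenv(name, value, overwrite));
}

/*
 * Repeats the call from How-To-Repeat through the wrapper. Returns 1 if
 * the NULL value was refused with EINVAL and "somevar" stayed unset.
 */
int
null_value_is_rejected(void)
{

	unsetenv("somevar");
	errno = 0;
	if (checked_setenv("somevar", NULL, 0) != -1 || errno != EINVAL)
		return (0);
	return (getenv("somevar") == NULL);
}

int
main(void)
{

	if (!null_value_is_rejected())
		return (1);
	/* A valid call still reaches setenv(3) unchanged. */
	return (checked_setenv("somevar", "ok", 1) == 0 ? 0 : 1);
}
```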
