From morten@rodal.no  Fri Mar 12 01:22:05 2004
Return-Path: <morten@rodal.no>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CF13216A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Mar 2004 01:22:05 -0800 (PST)
Received: from ray.idi.ntnu.no (ray.idi.ntnu.no [129.241.107.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C82343D2F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Mar 2004 01:22:04 -0800 (PST)
	(envelope-from morten@rodal.no)
Received: from stud326.idi.ntnu.no (stud326.idi.ntnu.no [129.241.103.26])
	by ray.idi.ntnu.no (8.12.10/8.12.10) with ESMTP id i2C9M0el013246
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Mar 2004 10:22:01 +0100 (MET)
Received: (from morten@localhost)
	by stud326.idi.ntnu.no (8.12.11/8.12.11/Submit) id i2C9M0jC002510;
	Fri, 12 Mar 2004 10:22:00 +0100 (CET)
	(envelope-from morten)
Message-Id: <200403120922.i2C9M0jC002510@stud326.idi.ntnu.no>
Date: Fri, 12 Mar 2004 10:22:00 +0100 (CET)
From: Morten Rodal <morten@rodal.no>
Reply-To: Morten Rodal <morten@rodal.no>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] ls(1) coredumps when started via execve(2) with no argv.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         64150
>Category:       bin
>Synopsis:       [PATCH] ls(1) coredumps when started via execve(2) with no argv.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 12 01:30:23 PST 2004
>Closed-Date:    Fri Mar 12 04:48:54 PST 2004
>Last-Modified:  Fri Mar 12 04:48:54 PST 2004
>Originator:     Morten Rodal
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD stud326.idi.ntnu.no 5.2-CURRENT FreeBSD 5.2-CURRENT #2: Mon Mar 1 02:38:57 CET 2004 root@stud326.idi.ntnu.no:/usr/obj/usr/src/sys/stud326 i386


>Description:
ls(1) calls the fts(3) functions for traversing a file hierarchy.  If ls(1) is
executed via the execve(2) system call with a NULL argv and envp, it will make
the fts(3) functions core dump with a SIGBUS.

If execve(2) is executed with a NULL (I am not sure this is legal?) argv, the
executed program will have an argc value of -1.

>How-To-Repeat:
#include <stdio.h>
#include <unistd.h>

/* Repro: exec ls(1) with a NULL argv and envp.  The new process then sees
 * argc == -1, and the fts(3) traversal inside ls(1) dies with SIGBUS. */
int main(int argc, char **argv) {
	(void)argc;
	(void)argv;

	execve("/bin/ls", NULL, NULL);

	/* execve(2) only returns on failure. */
	perror("execve");
	return (1);
}
>Fix:
--- ls.c.orig	Fri Mar 12 10:19:08 2004
+++ ls.c	Fri Mar 12 10:21:08 2004
@@ -430,7 +430,7 @@
 	else
 		printfcn = printcol;
 
-	if (argc)
+	if (argc >= 1)
 		traverse(argc, argv, fts_options);
 	else
 		traverse(1, dotav, fts_options);
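Review bot: the new guard `if (argc >= 1)` hides the symptom rather than explaining it: with the argc of -1 that the description reports for a NULL argv, the else branch now quietly lists `.` via `traverse(1, dotav, fts_options)` instead of passing -1 into `traverse()`. That is an acceptable defensive fallback, but the hunk should carry a one-line comment saying that argc can be negative, since a reader of `if (argc >= 1)` will not guess why plain `if (argc)` was insufficient; and the root cause belongs in execve(2), which should reject or normalize an empty argv rather than leaving every utility to guard against a negative argc (the audit trail closes this PR as a duplicate of kern/33738).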
>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@freebsd.org>
To: Morten Rodal <morten@rodal.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/64150: [PATCH] ls(1) coredumps when started via execve(2) with no argv.
Date: Fri, 12 Mar 2004 12:49:14 +0200

 On Fri, Mar 12, 2004 at 10:22:00AM +0100, Morten Rodal wrote:
 > 
 > >Number:         64150
 > >Category:       bin
 > >Synopsis:       [PATCH] ls(1) coredumps when started via execve(2) with no argv.
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Fri Mar 12 01:30:23 PST 2004
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Morten Rodal
 > >Release:        FreeBSD 5.2-CURRENT i386
 > >Organization:
 > >Environment:
 > System: FreeBSD stud326.idi.ntnu.no 5.2-CURRENT FreeBSD 5.2-CURRENT #2: Mon Mar 1 02:38:57 CET 2004 root@stud326.idi.ntnu.no:/usr/obj/usr/src/sys/stud326 i386
 > 
 > 
 > >Description:
 > ls(1) calls the fts(3) functions for traversing a file hierarchy.  If ls(1) is
 > executed via execve(2) system call with a NULL argv and envp it will make
 > the fts(3) functions core dump with a SIGBUS.
 > 
 > If execve(2) is executed with a NULL (I am not sure this is legal?) argv, the
 > executed program will have an argc value of -1.
 > 
 > >How-To-Repeat:
 > #include <stdio.h>
 > #include <unistd.h>
 > 
 > int main(int argc, char **argv) {
 > 	execve("/bin/ls", NULL, NULL);
 > 
 > 	return (1);
 > }
 
 The execve(2) manpage says:
 
 : The argument argv is a pointer to a null-terminated array of character
 : pointers to null-terminated character strings.  These strings construct
 : the argument list to be made available to the new process.  At least one
 : argument must be present in the array; by custom, the first element
 : should be the name of the executed program (for example, the last compo-
 : nent of path).
 
 
 Cheers,
 -- 
 Ruslan Ermilov
 FreeBSD committer
 ru@FreeBSD.org

From: Morten Rodal <morten@rodal.no>
To: Ruslan Ermilov <ru@freebsd.org>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/64150: [PATCH] ls(1) coredumps when started via execve(2) with no argv.
Date: Fri, 12 Mar 2004 11:57:30 +0100

 On Fri, Mar 12, 2004 at 12:49:14PM +0200, Ruslan Ermilov wrote:
 > On Fri, Mar 12, 2004 at 10:22:00AM +0100, Morten Rodal wrote:
 > > >Description:
 > > ls(1) calls the fts(3) functions for traversing a file hierarchy.
 > > If ls(1) is executed via execve(2) system call with a NULL argv
 > > and envp it will make the fts(3) functions core dump with a
 > > SIGBUS.
 > > 
 > > If execve(2) is executed with a NULL (I am not sure this is
 > > legal?) argv, the executed program will have an argc value of -1.
 > > 
 > > >How-To-Repeat:
 > > #include <stdio.h>
 > > #include <unistd.h>
 > > 
 > > int main(int argc, char **argv) {
 > > 	execve("/bin/ls", NULL, NULL);
 > > 
 > > 	return (1);
 > > }
 > 
 > The execve(2) manpage says:
 > 
 > : The argument argv is a pointer to a null-terminated array of character
 > : pointers to null-terminated character strings.  These strings construct
 > : the argument list to be made available to the new process.  At least one
 > : argument must be present in the array; by custom, the first element
 > : should be the name of the executed program (for example, the last compo-
 > : nent of path).
 > 
 > 
 
 Indeed you are correct, but I would have wished that execve(2) could
 set argc = 0 and not -1 for the newly created process.  However I
 think this is a standards issue and I'll just correct this program to
 include argv and envp vectors when calling execve(2).
 
 Thanks for the quick response.
 
 -- 
 Morten Rodal
 
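The correction the last reply describes (calling execve(2) with proper argv and envp vectors) together with the defensive argc handling the patch applies to ls(1), as an added example that is not part of this PR or of FreeBSD's ls.c. The names `argv_count`, `usable_argc` and `run_with_argv` are chosen here; the argv and envp vectors in `main` are constructed sample values, and `/bin/ls` is assumed to exist on the host.

```c
/* Added example (not from the PR or from FreeBSD sources): build an execve(2)
 * argument vector that satisfies the manpage contract quoted in the thread,
 * and normalize an argc that a program should not trust (the PR reports
 * argc == -1 when argv was NULL). */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Check an argv against the execve(2) manpage contract: non-NULL, at least
 * one element, and a NULL terminator within `max` slots.  Returns the number
 * of elements, or -1 if the vector violates the contract. */
int argv_count(char *const argv[], size_t max)
{
	size_t n;

	if (argv == NULL)
		return (-1);
	for (n = 0; n < max; n++)
		if (argv[n] == NULL)
			break;
	if (n == 0 || n == max)		/* empty, or no terminator found */
		return (-1);
	return ((int)n);
}

/* Defensive argc handling of the kind the patch in >Fix: applies to ls(1):
 * treat any argc < 1 (including the -1 this PR describes) as "no operands",
 * so the caller falls back to its default instead of indexing argv[-1]. */
int usable_argc(int argc, char *const argv[])
{
	if (argv == NULL || argc < 1)
		return (0);
	return (argc);
}

/* The corrected repro: execve(2) with real argv and envp vectors.  The exec
 * happens in a forked child so the caller can observe the result.  Returns
 * the child's exit status, 127 if execve(2) itself failed, or -1 on
 * fork/wait failure. */
int run_with_argv(const char *path, char *const argv[], char *const envp[])
{
	pid_t pid;
	int status;

	pid = fork();
	if (pid < 0)
		return (-1);
	if (pid == 0) {
		execve(path, argv, envp);
		_exit(127);		/* execve(2) only returns on failure */
	}
	if (waitpid(pid, &status, 0) < 0)
		return (-1);
	return (WIFEXITED(status) ? WEXITSTATUS(status) : -1);
}

int main(void)
{
	/* Constructed vectors: argv[0] is the program name, by custom. */
	char *argv[] = { "ls", "-l", "/", NULL };
	char *envp[] = { "PATH=/bin:/usr/bin", NULL };
	int rc;

	if (argv_count(argv, 16) < 1) {
		fprintf(stderr, "argv violates the execve(2) contract\n");
		return (1);
	}
	rc = run_with_argv("/bin/ls", argv, envp);
	printf("child exit status: %d\n", rc);
	return (rc == 0 ? 0 : 1);
}
```

`argv_count` is the check a caller performs before exec, whereas `usable_argc` is the check the exec'd program performs on what it was handed; the PR shows why both sides matter, since the kernel in this report enforced neither.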
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Fri Mar 12 04:48:30 PST 2004 
State-Changed-Why:  
Poor duplicate of kern/33738. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64150 
>Unformatted:
