rnp icon indicating copy to clipboard operation
rnp copied to clipboard

Published 20 hours ago verified publisher icon rnpgp

(Potentially) incorrect use of getenv function

Open maxirmx opened this issue 1 year ago • 0 comments

getenv function is not required to be thread-safe. Another call to getenv, as well as a call to the POSIX functions setenv(), unsetenv(), and putenv() may invalidate the pointer returned by a previous call or modify the string obtained from a previous call.

Sample incorrect use, cause memory corruption on Windows in TEST_F(rnp_tests, test_cli_logname)

    char *      logname = getenv("LOGNAME");

...
    setenv("LOGNAME", testname.c_str(), 1);   <===== this call may invalidate the pinter save in logname
    assert_string_equal(getenv_logname(), testname.c_str());
    if (user) {
        unsetenv("LOGNAME");
        assert_string_equal(getenv_logname(), user);
    }

    if (logname) {
        setenv("LOGNAME", logname, 1);
    } else {
        unsetenv("LOGNAME");
    }

Sample correct use: TEST_F(rnp_tests, test_ffi_set_log_fd)

    char *saved_env = NULL;
    if (getenv(RNP_LOG_CONSOLE)) {
        saved_env = strdup(getenv(RNP_LOG_CONSOLE));
    }

getenv is used in 8 cpp files. Needs review.

maxirmx avatar Nov 17 '23 21:11 maxirmx