[BusyBox 0000980]: patch to avoid "broadcast +" syntax
Rob Landley
rob at landley.net
Wed Nov 29 10:25:45 PST 2006
On Wednesday 29 November 2006 4:53 am, Rich Felker wrote:
> I think ELF ABI stores the original 'environ' pointer immediately
> after the argument list, and since it's already been copied to extern
> char **environ and envp, the copy on the stack is no longer needed and
> it doesn't matter if you clobber it.
You're missing a dereference. He's not writing to &argv (which lives on the
stack), he's writing to argv[argc+1] (which lives in the chunk of memory
allocated to give you the initial environment space).
There are three layers to this:
The stack (contains 12 bytes: int argc, char **argv, char **envp)
The argv[] and envp[] arrays.
The string data pointed to by argv[] and envp[]
The second and third layers are preallocated stuff towards the start of the
process's memory address space, put there by the exec() syscall when it's
initializing the new process with data fed through from the previous process
(which has to be copied into the new context). Note that layers 2 and 3 are
_not_ on the heap, so don't free() them. (This is what that whole "using
environment variables without leaking memory" thread I posted to uClibc
recently was about.)
By the way, a couple years back I bumped into the weirdest bug:
http://lkml.org/lkml/2004/7/22/219
Which got fixed somewhere around 2.6.9:
http://lkml.org/lkml/2004/8/20/124
That's where I first started looking into the actual layout of this stuff, and
why I'm pretty sure that argv[] is going to be null terminated on Linux.
Rob
--
"Perfection is reached, not when there is no longer anything to add, but
when there is no longer anything to take away." - Antoine de Saint-Exupery
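An added example, not code from this thread or from BusyBox, that checks at runtime the layout Rob describes: argv[argc] is NULL and envp begins in the very next slot of the same exec()-built array, so argv[argc+1] and envp[0] are one and the same location. The struct and function names are my own, and the three-argument main is a Unix extension accepted by GCC and Clang, not ISO C.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example (not BusyBox code): results of checking the argv/envp layout. */
struct argv_layout {
    int argv_null_terminated;   /* argv[argc] == NULL */
    int envp_follows_argv;      /* envp == &argv[argc + 1], so argv[argc + 1] aliases envp[0] */
    ptrdiff_t slots_between;    /* pointer slots from argv[0] to envp[0] (argc + 1 when adjacent) */
};

/*
 * Read-only check of the "layer 2" arrays exec() built for the process.
 * On Linux the argv[] pointers, a NULL, and the envp[] pointers are laid
 * out back to back, which is why a store past argv[argc] lands in envp[].
 */
struct argv_layout check_argv_layout(int argc, char **argv, char **envp)
{
    struct argv_layout r;
    r.argv_null_terminated = (argv[argc] == NULL);
    r.envp_follows_argv = (envp == argv + argc + 1);
    r.slots_between = envp - argv;
    return r;
}

/* Count envp entries up to the terminating NULL (stops at 'limit' if it is missing). */
size_t count_envp(char **envp, size_t limit)
{
    size_t n = 0;
    while (n < limit && envp[n] != NULL)
        n++;
    return n;
}

/* Three-argument main: a Unix extension, used here only to reach envp without extern environ. */
int main(int argc, char **argv, char **envp)
{
    struct argv_layout r = check_argv_layout(argc, argv, envp);

    printf("layer 1 (stack)      : &argc   = %p\n", (void *)&argc);
    printf("layer 2 (arrays)     : argv    = %p, envp = %p\n", (void *)argv, (void *)envp);
    printf("layer 3 (strings)    : argv[0] = %p\n", argc > 0 ? (void *)argv[0] : NULL);
    printf("argv[argc] == NULL   : %s\n", r.argv_null_terminated ? "yes" : "no");
    printf("envp == &argv[argc+1]: %s (%td slots apart)\n",
           r.envp_follows_argv ? "yes" : "no", r.slots_between);
    printf("environment entries  : %zu\n", count_envp(envp, 65536));
    return 0;
}
```

Run it with a few arguments and compare the three printed addresses: the arrays and strings sit well above the stack variable, and none of them came from malloc().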