Hi, I noticed a crash in spawn(). It appears execvp() does not check whether its first argument is NULL -- at least some implementations don't. They happily try to dereference the NULL pointer and then segfault.
I've seen execvp() crash on Linux/glibc-2.24, FreeBSD 10.2, and NetBSD 7. "Of course", OpenBSD 5.9 properly handles a NULL pointer and does not crash.

Cheers!
Peter

>From 39b361c36f2e898361976994aa4477862a7e42c7 Mon Sep 17 00:00:00 2001 From: Peter Hofmann <s...@uninformativ.de> Date: Sun, 14 Aug 2016 12:00:51 +0200 Subject: [PATCH] Don't call execvp() with NULL as first argument This fixes a crash (on some platforms) in the child process in scenarios like this: $ tabbed -d 0x3000003 $ xterm -into 0x3000003 [hit Ctrl+Shift+Return in tabbed] --- tabbed.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tabbed.c b/tabbed.c index 9a44795..964c40d 100644 --- a/tabbed.c +++ b/tabbed.c @@ -1080,16 +1080,21 @@ spawn(const Arg *arg) close(ConnectionNumber(dpy)); setsid(); - if (arg && arg->v) { + if (arg && arg->v && ((char **)arg->v)[0]) { execvp(((char **)arg->v)[0], (char **)arg->v); fprintf(stderr, "%s: execvp %s", argv0, ((char **)arg->v)[0]); - } else { + perror(" failed"); + } else if (cmd[0]) { cmd[cmd_append_pos] = NULL; execvp(cmd[0], cmd); fprintf(stderr, "%s: execvp %s", argv0, cmd[0]); + perror(" failed"); + } + else { + fprintf(stderr, "%s: Cannot spawn process, no command given\n", + argv0); } - perror(" failed"); exit(0); } } -- 2.9.2
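
Review bot: in the spawn() hunk, the new `else if (cmd[0])` test runs before `cmd[cmd_append_pos] = NULL;`, so if cmd_append_pos is ever 0 the guard passes and execvp() is still handed a NULL first argument; the test also dereferences cmd without checking cmd itself. Doing the truncation before the test (or re-checking cmd[0] after it) would close that gap. Two smaller points in the same hunk: the final `}` / `else {` pair is split across two lines while the branch above it uses `} else if`, and every failure path, including the new "no command given" one, still falls through to `exit(0)`, so the child reports success to anything that inspects its exit status; a non-zero status would be more useful there.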