[Bug libstdc++/61235] New: SYSTEM(3) - had better copy its command string parameter
shaneyfelt at yahoo dot com
gcc-bugzilla@gcc.gnu.org
Mon May 19 17:28:00 GMT 2014
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61235
Bug ID: 61235
Summary: SYSTEM(3) - had better copy its command string
parameter
Product: gcc
Version: 4.8.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: shaneyfelt at yahoo dot com
The cstdlib system function sometimes assumes that the
caller will keep the command string allocated
after the call returns. The result may be accessing
memory that is no longer available and attempting
to run commands from it.
This happens whenever the system command contains
'&' to spawn a new process as in the example below.
#include <stdlib.c>
void example() {
string cmd = "xdot <<EOF &\ndigraph { a->b }\nEOF\n";
system(cmd.c_str());
}
int main() {
f(); // allocate some memory on the heap
example();
g(); // delete some memory from the heap
example();
// stderr shows extra garbage indicating that
// sh tried to executes bits and pieces of the
// previously executed command
}
The suggested solution is for the system function to copy
string into memory where it will be kept until the
subprocess that is reading it terminates.
Although the caller may try to allocate the strings in
dynamic memory whenever the system function is called,
the caller may not be able to easily tell when the process
terminates in order to free the memory. Therefore forcing the
solution on the caller may cause memory leaks.
More information about the Gcc-bugs
mailing list