space allocation bug in exec()
utzoo!hcr!rrg
utzoo!hcr!rrg
Tue Nov 30 20:18:31 AEST 1982
This from Peter Ross of HCR:
/*
* UNIX exec doesn't check to ensure that there is sufficient space
* to store the necessary pointers (*argp[], *envp[]). It does
* allocate space for the strings but depends on SINCR being
* enough for the pointers. The following program works when
* LIMIT is 100 but fails when it is 1000.
*/
#define LIMIT 1000
char *av[LIMIT+1];
main()
{
int i;
for (i = 0; i < LIMIT; i++)
av[i] = "x";
execv("/bin/echo", av);
}
More information about the Net.bugs.v7
mailing list