Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix UB in std::sys::os::getenv() #114968

Merged
merged 1 commit into from
Aug 20, 2023
Merged

Conversation

ShE3py
Copy link
Contributor

@ShE3py ShE3py commented Aug 18, 2023

Fixes #114949.

Reduced the loops to 1k iterations (100k was taking way too long), Miri no longer shows any UB.

@rustbot label +A-process +C-bug +I-unsound +O-unix

@rustbot
Copy link
Collaborator

rustbot commented Aug 18, 2023

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @thomcc (or someone else) soon.

Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (S-waiting-on-review and S-waiting-on-author) stays updated, invoking these commands when appropriate:

  • @rustbot author: the review is finished, PR author should check the comments and take action accordingly
  • @rustbot review: the author is ready for a review, this PR will be queued again in the reviewer's queue

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. A-process Area: `std::process` and `std::env` C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness O-unix Operating system: Unix-like I-prioritize Issue: Indicates that prioritization has been requested for this issue. labels Aug 18, 2023
@lqd lqd removed I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness C-bug Category: This is a bug. I-prioritize Issue: Indicates that prioritization has been requested for this issue. labels Aug 18, 2023
@Nekrolm
Copy link

Nekrolm commented Aug 18, 2023

@ShE3py ShE3py force-pushed the unix-getsetenv-ub branch from ce33746 to 83c713b Compare August 18, 2023 14:07
@ShE3py ShE3py changed the title Fix UB in std::sys::unix::os::getenv() Fix UB in std::sys::os::getenv() Aug 18, 2023
@ShE3py
Copy link
Contributor Author

ShE3py commented Aug 18, 2023

Same changes seems also needed for https://github.com/rust-lang/rust/blob/master/library/std/src/sys/solid/os.rs#L173 and https://github.com/rust-lang/rust/blob/master/library/std/src/sys/wasi/os.rs#L230

there are same patterns

Thanks for pointing out, I also copied env_read_lock() to Solid as I guess it too should ignore poisoning (furthermore the result was ignored, resulting in UB as _guard was a Result<Guard, NotAGuard>).

EDIT: Same problem with let _guard = ENV_LOCK.write();, imma fix that.

@thomcc
Copy link
Member

thomcc commented Aug 18, 2023

Wasn't the Err case of the guard something that held a nested guard?

@@ -81,6 +81,10 @@ pub fn current_exe() -> io::Result<PathBuf> {

static ENV_LOCK: RwLock<()> = RwLock::new(());

pub fn env_read_lock() -> impl Drop {
ENV_LOCK.read().unwrap_or_else(PoisonError::into_inner)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine, but isn't actually needed.

@thomcc
Copy link
Member

thomcc commented Aug 18, 2023

@bors r+

@bors
Copy link
Contributor

bors commented Aug 18, 2023

📌 Commit 83c713b has been approved by thomcc

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 18, 2023
@ShE3py
Copy link
Contributor Author

ShE3py commented Aug 18, 2023

Wasn't the Err case of the guard something that held a nested guard?

pub type LockResult<Guard> = Result<Guard, PoisonError<Guard>>;

pub struct PoisonError<T> {
    guard: T,
}

You're right, the lock is acquired regardless of the variant, so the result can be used as-is.

@klensy
Copy link
Contributor

klensy commented Aug 18, 2023

Topic mentioned some loop iterations, but test didn't added here?

@ShE3py
Copy link
Contributor Author

ShE3py commented Aug 18, 2023

I couldn't find any text or code (to copy from) to make a Miri test, but if you have one, I can add a test.

@bors
Copy link
Contributor

bors commented Aug 18, 2023

⌛ Testing commit 83c713b with merge d740f54773594676ef4bb6d1cdac26c968323494...

@rust-log-analyzer
Copy link
Collaborator

The job i686-mingw failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)
failures:

---- [rustdoc] tests\rustdoc\inline_cross\macro-vis.rs stdout ----

error: rustdoc failed!
status: exit code: 0xc0000005
command: PATH="C:\a\rust\rust\build\i686-pc-windows-gnu\stage2\bin;C:\a\rust\rust\build\i686-pc-windows-gnu\stage0-bootstrap-tools\i686-pc-windows-gnu\release\deps;C:\a\rust\rust\build\i686-pc-windows-gnu\stage0\bin;C:\a\rust\rust\ninja;C:\a\rust\rust\mingw32\bin;C:\hostedtoolcache\windows\Python\3.11.4\x64\Scripts;C:\hostedtoolcache\windows\Python\3.11.4\x64;C:\msys64\usr\bin;C:\a\rust\rust\sccache;C:\Program Files\MongoDB\Server\5.0\bin;C:\aliyun-cli;C:\vcpkg;C:\cf-cli;C:\Program Files (x86)\NSIS;C:\tools\zstd;C:\Program Files\Mercurial;C:\hostedtoolcache\windows\stack\2.11.1\x64;C:\cabal\bin;C:\ghcup\bin;C:\Program Files\dotnet;C:\mysql\bin;C:\Program Files\R\R-4.3.1\bin\x64;C:\SeleniumWebDrivers\GeckoDriver;C:\Program Files (x86)\sbt\bin;C:\Program Files (x86)\GitHub CLI;C:\Program Files\Git\bin;C:\Program Files (x86)\pipx_bin;C:\npm\prefix;C:\hostedtoolcache\windows\go\1.20.7\x64\bin;C:\hostedtoolcache\windows\Python\3.7.9\x64\Scripts;C:\hostedtoolcache\windows\Python\3.7.9\x64;C:\hostedtoolcache\windows\Ruby\2.5.9\x64\bin;C:\Program Files\OpenSSL\bin;C:\tools\kotlinc\bin;C:\hostedtoolcache\windows\Java_Temurin-Hotspot_jdk\8.0.382-5\x64\bin;C:\Program Files\ImageMagick-7.1.1-Q16-HDRI;C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;C:\ProgramData\kind;C:\Program Files\Eclipse Foundation\jdk-8.0.302.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\ProgramData\Chocolatey\bin;C:\Program Files\PowerShell\7;C:\Program Files\Microsoft\Web Platform Installer;C:\Program Files\Microsoft SQL Server\130\Tools\Binn;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\130\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\140\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn;C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\ProgramData\chocolatey\lib\pulumi\tools\Pulumi\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\CMake\bin;C:\ProgramData\chocolatey\lib\maven\apache-maven-3.8.7\bin;C:\Program Files\Microsoft Service Fabric\bin\Fabric\Fabric.Code;C:\Program Files\Microsoft SDKs\Service Fabric\Tools\ServiceFabricLocalClusterManager;C:\Program Files\nodejs;C:\Program Files\Git\cmd;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;C:\Program Files\GitHub CLI;C:\tools\php;C:\Program Files (x86)\sbt\bin;C:\SeleniumWebDrivers\ChromeDriver;C:\SeleniumWebDrivers\EdgeDriver;C:\Program Files\Amazon\AWSCLIV2;C:\Program Files\Amazon\SessionManagerPlugin\bin;C:\Program Files\Amazon\AWSSAMCLI\bin;C:\Program Files (x86)\Google\Cloud SDK\google-cloud-sdk\bin;C:\Program Files (x86)\Microsoft BizTalk Server;C:\Program Files\LLVM\bin;C:\Users\runneradmin\.dotnet\tools;C:\Users\runneradmin\.cargo\bin;C:\Users\runneradmin\AppData\Local\Microsoft\WindowsApps" "C:\\a\\rust\\rust\\build\\i686-pc-windows-gnu\\stage2\\bin\\rustdoc.exe" "-L" "C:\\a\\rust\\rust\\build\\i686-pc-windows-gnu\\stage2\\lib\\rustlib\\i686-pc-windows-gnu\\lib" "-L" "C:\\a\\rust\\rust\\build\\i686-pc-windows-gnu\\test\\rustdoc\\inline_cross\\macro-vis\\auxiliary" "-o" "C:\\a\\rust\\rust\\build\\i686-pc-windows-gnu\\test\\rustdoc\\inline_cross\\macro-vis" "--deny" "warnings" "C:\\a\\rust\\rust\\tests\\rustdoc\\inline_cross\\macro-vis.rs" "-A" "internal_features"
stderr: none



@bors
Copy link
Contributor

bors commented Aug 18, 2023

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Aug 18, 2023
@thomcc
Copy link
Member

thomcc commented Aug 18, 2023

@rustbot author

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 18, 2023
@ChrisDenton
Copy link
Member

Hm, this PR shouldn't be affecting windows targets, not even mingw? Also weird that it's a rustdoc failure. My guess would be it's spurious.

@thomcc
Copy link
Member

thomcc commented Aug 18, 2023

@bors retry

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Aug 18, 2023
@thomcc
Copy link
Member

thomcc commented Aug 19, 2023

@bors ping

@bors
Copy link
Contributor

bors commented Aug 19, 2023

😪 I'm awake I'm awake

@thomcc
Copy link
Member

thomcc commented Aug 19, 2023

@bors r+

@bors
Copy link
Contributor

bors commented Aug 19, 2023

💡 This pull request was already approved, no need to approve it again.

@bors
Copy link
Contributor

bors commented Aug 19, 2023

📌 Commit 83c713b has been approved by thomcc

It is now in the queue for this repository.

bors added a commit to rust-lang-ci/rust that referenced this pull request Aug 20, 2023
…iaskrgr

Rollup of 5 pull requests

Successful merges:

 - rust-lang#114834 (Avoid side-effects from `try_coerce` when suggesting borrowing LHS of cast)
 - rust-lang#114968 (Fix UB in `std::sys::os::getenv()`)
 - rust-lang#114976 (Ignore unexpected incr-comp session dirs)
 - rust-lang#114999 (Migrate GUI colors test to original CSS color format)
 - rust-lang#115000 (custom_mir: change Call() terminator syntax to something more readable)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 7b66abe into rust-lang:master Aug 20, 2023
@rustbot rustbot added this to the 1.73.0 milestone Aug 20, 2023
bors added a commit to rust-lang-ci/rust that referenced this pull request Aug 21, 2023
Add data race test to `std::env::{get, set}`

Complements rust-lang#114968, closes rust-lang#114949.
weihanglo added a commit to weihanglo/rust that referenced this pull request Aug 24, 2023
…ison-error-in-os, r=cuviper

kmc-solid: Import `std::sync::PoisonError` in `std::sys::solid::os`

Follow-up to rust-lang#114968. Fixes a missing import in [`*-kmc-solid_*`](https://doc.rust-lang.org/nightly/rustc/platform-support/kmc-solid.html) Tier 3 targets.

```
 error[E0433]: failed to resolve: use of undeclared type `PoisonError`
 C:\Users\xxxxx\.rustup\toolchains\nightly-2023-08-23-x86_64-pc-windows-gnu\lib\rustlib\src\rust\library\std\src\sys\solid\os.rs(85,36)
   |
85 |     ENV_LOCK.read().unwrap_or_else(PoisonError::into_inner)
   |                                    ^^^^^^^^^^^ use of undeclared type `PoisonError`
   |
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-process Area: `std::process` and `std::env` O-unix Operating system: Unix-like S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Possible data race & use-after-free in std::env::var for unix implementation
9 participants