Comments (9)
Agreed. macOS 12 looks like it was released just two years ago and is still maintained, so it's unquestionably a recent enough version to care about. Let's remove the exception.
from time.
It's probably not sound on other unix either unless the hold this lock for the duration of the use of the pointers returned by getenv. E.g.
// inside getenv call
acquire_lock();
char *p = real_getenv();
release_lock();
// outside
use(p);
So just taking a lock around the duration of getenv/setenv is insufficient. It would need to be around the duration of whatever calls you're making into libc (or at least more of it than just getenv/setenv).
from time.
I'm not sure I understand what you're referring to — time
doesn't use a lock for any of this. The only lock present is that in std
, and the fact that it can't be relied upon is the underlying issue.
Specifically, there doesn't need to be a lock if
- the OS has thread-safe environment variables (which is this issue and at least one other)
- or the process is single-threaded.
The reason for the second is that it's inherently guaranteed that no one else can mutate the environment if there's no other code running.
from time.
My point is that the internals of getenv
/setenv
taking a lock is insufficient for an OS to have a thread-safe environment.
from time.
Ah, I see what you're saying. For illumos, thread safety is ensured by the fact that setting env vars leaks memory. I believe the same is true for NetBSD, though I don't have time to check at the moment.
from time.
Yeah, technically even that's not enough, assuming they only only leak on growth. In non-growth cases you'd still have a data race (as mentioned above by @BlackHoleFox), but it's probably fine in practice.
from time.
For clarity, it's the combination of leaking and locks.
it's probably fine in practice
I would have said that about the initial unsoundness. Even having the calls in a tight loop, it takes a couple seconds (tens of thousands of iterations) before anything happens. Even without the checks in place, it's very unlikely that unsoundness occurs. But apparently the original report was in fact found in the wild, not someone fuzzing. With that said, I have not the slightest clue what they were doing that would get anywhere near this.
Overall, as far as I am aware the current exemptions are sound. I only have access to my personal Linux machine (plus a Linux SSH machine from the Rust Foundation), so I am unable to verify any other OS. If someone wants to run the reproducer, they are free to do so and file an issue if it fails.
from time.
A data race like that likely wouldn't show up in a a reproducer, unless you compiled libc and the rust code with a data race detector (like thread sanitizer).
from time.
That is true. Regardless, anyone is free to file an issue if they find that an exemption is wrong, regardless of how that's discovered.
from time.
Related Issues (20)
- errored when execute in `cargo llvm-cov` HOT 1
- Arithmetic overflow occurs HOT 4
- Missing panic condition on API docs HOT 4
- Release with coverage fix HOT 1
- Arithmetic crash occurs HOT 1
- `Weekday` and `Time` (and probably more types) do not respect formatting flags HOT 2
- Panic when `nth_next_occurrence` and `nth_prev_occurrence` get `n = 0` HOT 2
- no localtime on openbsd HOT 7
- Support providing default values during parsing HOT 1
- Sub-millisecond component inaccuracy in OffsetDateTime conversion from js_sys::Date HOT 1
- Can i try to implement `Time::parse` equivalents? HOT 1
- Unexpected behavior of `time::serde::rfc3339::option::deserialize()` HOT 3
- OffsetDateTime lacks an obvious constructor
- Implement `arbitrary::Arbitrary` trait for exported types HOT 2
- [feature request] Serde support unix timestamps in millisecond precision HOT 2
- ISO6801 and a SPACE instead of a T HOT 2
- reliable way to get local time HOT 2
- Cannot Deserialize timestamp with milliseconds HOT 3
- PrimitiveDateTime does not parse with insufficient information HOT 4
- Breaking change wish-list HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from time.