Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

std.process.environment is NOT SAFE #10580

Open
schveiguy opened this issue Dec 10, 2024 · 1 comment
Open

std.process.environment is NOT SAFE #10580

schveiguy opened this issue Dec 10, 2024 · 1 comment

Comments

@schveiguy
Copy link
Member

Yet, all the members of the environment class are marked @safe or @trusted.

As an example, setting an environment variable on one thread, and reading it on another thread, could call setenv and getenv respectively. These functions are not thread safe, and getenv can easily return memory that is deallocated. I've even had getenv itself segfault, because it is iterating the environment pointer as it is being realloc'd in another thread.

We should lock around any reading or manipulation of environment. We can't mark these functions as not safe at this point.

@0xEAB
Copy link
Member

0xEAB commented Dec 10, 2024

We are not alone. PHP suffers from this as well. A popular environment file loader library in their ecosystem specifically warns about this problem:

Using getenv() and putenv() is strongly discouraged due to the fact that these functions are not thread safe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants