Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
Received-SPF: neutral (nike.apache.org: local policy)
MIME-Version: 1.0
In-Reply-To: 
 <648AFB5742D6394FB956DC606975560559CA04C5@OLFANDEXCH01.andover.olf.com>
References: <yuatyrzs3oh.fsf@slappy.raleigh.ibm.com>
	 <05D9D8EB-F320-4C9B-BC9A-EEC27401C94D@sharp.fm>
	 <yuaaatrs0zq.fsf@slappy.raleigh.ibm.com>
	 <DF9B5231-CFC9-49E7-9BEE-F1ACAFACCB34@sharp.fm>
	 <648AFB5742D6394FB956DC606975560559CA04C5@OLFANDEXCH01.andover.olf.com>
Date: Thu, 22 Apr 2010 19:30:15 -0400
Message-ID: <z2sfa6be6421004221630idf287e29m76d24b0e891f10a1@mail.gmail.com>
Subject: Re: apr_env_set use of putenv
From: Wes Garland <wes@page.ca>
To: Ed Holyat <eholyat@olf.com>
Cc: Graham Leggett <minfrin@sharp.fm>, Dan Poirier <poirier@pobox.com>,
	"dev@apr.apache.org" <dev@apr.apache.org>
Content-Type: multipart/alternative; boundary=00163630f40f66b5e90484dbb188

--00163630f40f66b5e90484dbb188
Content-Type: text/plain; charset=ISO-8859-1

Leaking is nasty, but I have to agree with Ed here.

The problem with Graham's "proper" solution is that it is quite legitimate
for a pure-C caller -- e.g. a DSO with no knowledge of APR whatsoever -- to
pull an environment variable with getenv and expect to be able to hold on to
that pointer for the lifetime of the program.

Awful, but true. API fail!

Here's what the BSD folks have to say, courtesy of my Leopard box:
BUGS
     Successive calls to setenv() or putenv() assigning a differently sized
value to the same name will result in a memory leak.  The
     FreeBSD semantics for these functions (namely, that the contents of
value are copied and that old values remain accessible indefi-
     nitely) make this bug unavoidable.  Future versions may eliminate one
or both of these semantic guarantees in order to fix the
     bug.

It's pretty much the same everywhere else IME.

Wes

On Thu, Apr 22, 2010 at 7:18 PM, Ed Holyat <eholyat@olf.com> wrote:

> - Windows automatically copies and controls the memory with _putenv,
> allocating a copy on Windows should not be done.
>
> - Unix requires a memory allocation, you can free the memory in the
> environment if you clear the environment variable.
>
> e.g.  UNIX
>
> mymem=strdup("FOO=abc");
> putenv(mymem);
> putenv("FOO=");
> free(mymem);
>
> In my opinion it is not worth the coding effort to keep track of the
> environment variables you set and then freeing them.  Environment variables
> should be set once and used for the life of the program they are not meant
> to be set and unset over and over again.
> UNIX should just be putenv(strdup("FOO=abc"));//set it and forget it.
>
> -----Original Message-----
> From: Graham Leggett [mailto:minfrin@sharp.fm]
> Sent: Monday, March 29, 2010 9:55 AM
> To: Dan Poirier
> Cc: dev@apr.apache.org
> Subject: Re: apr_env_set use of putenv
>
> On 29 Mar 2010, at 3:36 PM, Dan Poirier wrote:
>
> > I don't think that's the right pattern to follow.  apr_table is used
> > to
> > allocate a new data structure, owned by the caller, and the caller
> > certainly should control its lifetime.  apr_env_set() is used to add
> > an
> > entry to the OS's environment, which the caller does not own and would
> > not expect to have any control over the lifetime of its entries.
>
>  From what I can see of the code right now, the caller is expected to
> control the lifetime of the string that it passes, or set up their own
> cleanup as appropriate to ensure that the environment entry is removed
> if the pool is removed.
>
> The strdup() is by definition a leak, so that isn't ideal at all.
>
> I suspect the docs would need to be updated to warn the caller than if
> they set a string in the environment, they are required to ensure
> their string lives as long as the process, or to register their own
> cleanup if not.
>
> Regards,
> Graham
> --
>
>
>


-- 
Wesley W. Garland
Director, Product Development
PageMail, Inc.
+1 613 542 2787 x 102

--00163630f40f66b5e90484dbb188
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Leaking is nasty, but I have to agree with Ed here.<br><br>The problem with=
 Graham&#39;s &quot;proper&quot; solution is that it is quite legitimate fo=
r a pure-C caller -- e.g. a DSO with no knowledge of APR whatsoever -- to p=
ull an environment variable with getenv and expect to be able to hold on to=
 that pointer for the lifetime of the program.<br>
<br>Awful, but true. API fail!<br><br>Here&#39;s what the BSD folks have to=
 say, courtesy of my Leopard box:<br>BUGS<br>=A0=A0=A0=A0 Successive calls =
to setenv() or putenv() assigning a differently sized value to the same nam=
e will result in a memory leak.=A0 The<br>
=A0=A0=A0=A0 FreeBSD semantics for these functions (namely, that the conten=
ts of value are copied and that old values remain accessible indefi-<br>=A0=
=A0=A0=A0 nitely) make this bug unavoidable.=A0 Future versions may elimina=
te one or both of these semantic guarantees in order to fix the<br>
=A0=A0=A0=A0 bug.<br><br>It&#39;s pretty much the same everywhere else IME.=
<br><br>Wes<br><br><div class=3D"gmail_quote">On Thu, Apr 22, 2010 at 7:18 =
PM, Ed Holyat <span dir=3D"ltr">&lt;<a href=3D"mailto:eholyat@olf.com">ehol=
yat@olf.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0.8ex; borde=
r-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">- Windows automat=
ically copies and controls the memory with _putenv, allocating a copy on Wi=
ndows should not be done.<br>

<br>
- Unix requires a memory allocation, you can free the memory in the environ=
ment if you clear the environment variable.<br>
<br>
e.g. =A0UNIX<br>
<br>
mymem=3Dstrdup(&quot;FOO=3Dabc&quot;);<br>
putenv(mymem);<br>
putenv(&quot;FOO=3D&quot;);<br>
free(mymem);<br>
<br>
In my opinion it is not worth the coding effort to keep track of the enviro=
nment variables you set and then freeing them. =A0Environment variables sho=
uld be set once and used for the life of the program they are not meant to =
be set and unset over and over again.<br>

UNIX should just be putenv(strdup(&quot;FOO=3Dabc&quot;));//set it and forg=
et it.<br>
<div><div></div><div class=3D"h5"><br>
-----Original Message-----<br>
From: Graham Leggett [mailto:<a href=3D"mailto:minfrin@sharp.fm">minfrin@sh=
arp.fm</a>]<br>
Sent: Monday, March 29, 2010 9:55 AM<br>
To: Dan Poirier<br>
Cc: <a href=3D"mailto:dev@apr.apache.org">dev@apr.apache.org</a><br>
Subject: Re: apr_env_set use of putenv<br>
<br>
On 29 Mar 2010, at 3:36 PM, Dan Poirier wrote:<br>
<br>
&gt; I don&#39;t think that&#39;s the right pattern to follow. =A0apr_table=
 is used<br>
&gt; to<br>
&gt; allocate a new data structure, owned by the caller, and the caller<br>
&gt; certainly should control its lifetime. =A0apr_env_set() is used to add=
<br>
&gt; an<br>
&gt; entry to the OS&#39;s environment, which the caller does not own and w=
ould<br>
&gt; not expect to have any control over the lifetime of its entries.<br>
<br>
=A0From what I can see of the code right now, the caller is expected to<br>
control the lifetime of the string that it passes, or set up their own<br>
cleanup as appropriate to ensure that the environment entry is removed<br>
if the pool is removed.<br>
<br>
The strdup() is by definition a leak, so that isn&#39;t ideal at all.<br>
<br>
I suspect the docs would need to be updated to warn the caller than if<br>
they set a string in the environment, they are required to ensure<br>
their string lives as long as the process, or to register their own<br>
cleanup if not.<br>
<br>
Regards,<br>
Graham<br>
--<br>
<br>
<br>
</div></div></blockquote></div><br><br clear=3D"all"><br>-- <br>Wesley W. G=
arland<br>Director, Product Development<br>PageMail, Inc.<br>+1 613 542 278=
7 x 102<br>

--00163630f40f66b5e90484dbb188--