From ff9ebfc4b618ee0113b23fb36ae4adfea62e31e2 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Wed, 10 Jan 2018 21:37:11 +0000
Subject: [PATCH] Fix an off-by-one in dt_opt_setenv().

The bug would cause incorrect behaviour when attempting to override
an already set environment variable with -x setenv, as long as the
variable is not the last one in the array.

Reported by:	Samuel Lepetit <slepetit@apple.com>
MFC after:	2 weeks
---
 .../lib/libdtrace/common/dt_options.c         | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_options.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_options.c
index 758422e3407f..c99e6007f9da 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_options.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_options.c
@@ -415,7 +415,7 @@ dt_opt_setenv(dtrace_hdl_t *dtp, const char *arg, uintptr_t option)
 {
 	char **p;
 	char *var;
-	int i;
+	int nvars;
 
 	/*
 	 * We can't effectively set environment variables from #pragma lines
@@ -430,7 +430,7 @@ dt_opt_setenv(dtrace_hdl_t *dtp, const char *arg, uintptr_t option)
 	if (!option && strchr(arg, '=') != NULL)
 		return (dt_set_errno(dtp, EDT_BADOPTVAL));
 
-	for (i = 1, p = dtp->dt_proc_env; *p != NULL; i++, p++)
+	for (nvars = 0, p = dtp->dt_proc_env; *p != NULL; nvars++, p++)
 		continue;
 
 	for (p = dtp->dt_proc_env; *p != NULL; p++) {
@@ -439,9 +439,9 @@ dt_opt_setenv(dtrace_hdl_t *dtp, const char *arg, uintptr_t option)
 			var = *p + strlen(*p);
 		if (strncmp(*p, arg, var - *p) == 0) {
 			dt_free(dtp, *p);
-			*p = dtp->dt_proc_env[i - 1];
-			dtp->dt_proc_env[i - 1] = NULL;
-			i--;
+			*p = dtp->dt_proc_env[nvars - 1];
+			dtp->dt_proc_env[nvars - 1] = NULL;
+			nvars--;
 		}
 	}
 
@@ -449,17 +449,18 @@ dt_opt_setenv(dtrace_hdl_t *dtp, const char *arg, uintptr_t option)
 		if ((var = strdup(arg)) == NULL)
 			return (dt_set_errno(dtp, EDT_NOMEM));
 
-		if ((p = dt_alloc(dtp, sizeof (char *) * (i + 1))) == NULL) {
+		nvars++;
+		if ((p = dt_alloc(dtp, sizeof(char *) * (nvars + 1))) == NULL) {
 			dt_free(dtp, var);
 			return (dt_set_errno(dtp, EDT_NOMEM));
 		}
 
-		bcopy(dtp->dt_proc_env, p, sizeof (char *) * i);
+		bcopy(dtp->dt_proc_env, p, sizeof(char *) * nvars);
 		dt_free(dtp, dtp->dt_proc_env);
 		dtp->dt_proc_env = p;
 
-		dtp->dt_proc_env[i - 1] = var;
-		dtp->dt_proc_env[i] = NULL;
+		dtp->dt_proc_env[nvars - 1] = var;
+		dtp->dt_proc_env[nvars] = NULL;
 	}
 
 	return (0);