What's past the end of `environ`?

Issue

I'm facing an issue with the Free Pascal shared library startup code on Android. The Free Pascal RTL sources have the following fragment:

type
  TAuxiliaryValue = cuInt32;

  TInternalUnion = record
    a_val: cuint32;           //* Integer value */
      {* We use to have pointer elements added here.  We cannot do that,
         though, since it does not work when using 32-bit definitions
         on 64-bit platforms and vice versa.  *}
  end;

  Elf32_auxv_t = record
    a_type: cuint32;              //* Entry type */
    a_un: TInternalUnion;
  end;
  TElf32AuxiliaryVector = Elf32_auxv_t;
  PElf32AuxiliaryVector = ^TElf32AuxiliaryVector;

var
  psysinfo: LongWord = 0;

procedure InitSyscallIntf;
var
  ep: PPChar;
  auxv: PElf32AuxiliaryVector;
begin

  psysinfo := 0;
  ep := envp;
  while ep^ <> nil do
    Inc(ep);

  Inc(ep);

  auxv := PElf32AuxiliaryVector(ep);

  repeat
    if auxv^.a_type = AT_SYSINFO then begin
      psysinfo := auxv^.a_un.a_val;
      if psysinfo <> 0 then
        sysenter_supported := 1; // descision factor in asm syscall routines
      Break;
    end;
    Inc(auxv);
  until auxv^.a_type = AT_NULL;
end;

The procedure InitSyscallIntf is being invoked as a part of the SO startup sequence. The envp is a unit-level variable that's initialized earlier in the startup sequence to the value of libc's environ. What this looks like to me, the code is trying to scan the environ array past the null pointer (which I thought denoted the end of the environment block), then tries to read the memory that's past.

What are they expecting to find past the end of the environ array? Probably they're making some assumptions about the structure of memory of a loaded ELF file - can I see a reference?

Solution

The link posted by Seva is what it is looking at, and in that it is looking if the sysenter instruction is supported.

This instruction allows for faster syscalls, and on Linux and FreeBSD kernel based systems, generally Free Pascal program access the kernel directly, not via libc.

See rtl/linux/i386/* an rtl/linux/x86_64 for the syscall wrapper routines, and you'll see the test for sysenter there.

Answered By - Marco van de Voort