Auto merge of #55611 - alexcrichton:beta-next, r=alexcrichton

[beta] Fixes #46775 -- don't mutate the process's environment in Command::exec

This is a backport of the following PRs:

* #55359
* #55569
* #55304

Author: bors

.travis.yml

@@ -197,23 +197,10 @@ matrix:
         . src/ci/docker/x86_64-gnu-tools/repo.sh;
         commit_toolstate_change "$MESSAGE_FILE" "$TRAVIS_BUILD_DIR/src/tools/publish_toolstate.py" "$(git rev-parse HEAD)" "$(git log --format=%s -n1 HEAD)" "$MESSAGE_FILE" "$TOOLSTATE_REPO_ACCESS_TOKEN";
 
-env:
-  global:
-    - SCCACHE_BUCKET=rust-lang-ci-sccache2
-    - SCCACHE_REGION=us-west-1
-    - AWS_ACCESS_KEY_ID=AKIAJAMV3QAMMA6AXHFQ
-    # AWS_SECRET_ACCESS_KEY=...
-    - secure: "j96XxTVOSUf4s4r4htIxn/fvIa5DWbMgLqWl7r8z2QfgUwscmkMXAwXuFNc7s7bGTpV/+CgDiMFFM6BAFLGKutytIF6oA02s9b+usQYnM0th7YQ2AIgm9GtMTJCJp4AoyfFmh8F2faUICBZlfVLUJ34udHEe35vOklix+0k4WDo="
-    # TOOLSTATE_REPO_ACCESS_TOKEN=...
-    - secure: "ESfcXqv4N2VMhqi2iIyw6da9VrsA78I4iR1asouCaq4hzTTrkB4WNRrfURy6xg72gQ4nMhtRJbB0/2jmc9Cu1+g2CzXtyiL223aJ5CKrXdcvbitopQSDfp07dMWm+UED+hNFEanpErKAeU/6FM3A+J+60PMk8MCF1h9tqNRISJw="
-
 before_install:
-  # We'll use the AWS cli to download/upload cached docker layers, so install
-  # that here.
-  - if [ "$TRAVIS_OS_NAME" = linux ]; then
-      pip install --user awscli;
-      export PATH=$PATH:$HOME/.local/bin;
-    fi
+  # We'll use the AWS cli to download/upload cached docker layers as well as
+  # push our deployments, so download that here.
+  - pip install --user awscli; export PATH=$PATH:$HOME/.local/bin
   - mkdir -p $HOME/rustsrc
   # FIXME(#46924): these two commands are required to enable IPv6,
   # they shouldn't exist, please revert once more official solutions appeared.
@@ -276,6 +263,23 @@ after_success:
       echo "#### Build successful; Disk usage after running script:";
       df -h;
       du . | sort -nr | head -n100
+  - >
+      if [ "$DEPLOY$DEPLOY_ALT" == "1" ]; then
+        mkdir -p deploy/$TRAVIS_COMMIT;
+        if [ "$TRAVIS_OS_NAME" == "osx" ]; then
+            rm -rf build/dist/doc &&
+            cp -r build/dist/* deploy/$TRAVIS_COMMIT;
+        else
+            rm -rf obj/build/dist/doc &&
+            cp -r obj/build/dist/* deploy/$TRAVIS_COMMIT;
+        fi;
+        ls -la deploy/$TRAVIS_COMMIT;
+        deploy_dir=rustc-builds;
+        if [ "$DEPLOY_ALT" == "1" ]; then
+            deploy_dir=rustc-builds-alt;
+        fi;
+        travis_retry aws s3 cp --no-progress --recursive --acl public-read ./deploy s3://rust-lang-ci2/$deploy_dir
+      fi
 
 after_failure:
   - >
@@ -322,77 +326,3 @@ after_failure:
 
 notifications:
   email: false
-
-before_deploy:
-  - mkdir -p deploy/$TRAVIS_COMMIT
-  - >
-      if [ "$TRAVIS_OS_NAME" == "osx" ]; then
-          rm -rf build/dist/doc &&
-          cp -r build/dist/* deploy/$TRAVIS_COMMIT;
-      else
-          rm -rf obj/build/dist/doc &&
-          cp -r obj/build/dist/* deploy/$TRAVIS_COMMIT;
-      fi
-  - ls -la deploy/$TRAVIS_COMMIT
-
-deploy:
-  - provider: s3
-    bucket: rust-lang-ci2
-    skip_cleanup: true
-    local_dir: deploy
-    upload_dir: rustc-builds
-    acl: public_read
-    region: us-west-1
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: "kUGd3t7JcVWFESgIlzvsM8viZgCA9Encs3creW0xLJaLSeI1iVjlJK4h/2/nO6y224AFrh/GUfsNr4/4AlxPuYb8OU5oC5Lv+Ff2JiRDYtuNpyQSKAQp+bRYytWMtrmhja91h118Mbm90cUfcLPwkdiINgJNTXhPKg5Cqu3VYn0="
-    on:
-      branch: auto
-      condition: $DEPLOY = 1
-
-  # this is the same as the above deployment provider except that it uploads to
-  # a slightly different directory and has a different trigger
-  - provider: s3
-    bucket: rust-lang-ci2
-    skip_cleanup: true
-    local_dir: deploy
-    upload_dir: rustc-builds-alt
-    acl: public_read
-    region: us-west-1
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: "kUGd3t7JcVWFESgIlzvsM8viZgCA9Encs3creW0xLJaLSeI1iVjlJK4h/2/nO6y224AFrh/GUfsNr4/4AlxPuYb8OU5oC5Lv+Ff2JiRDYtuNpyQSKAQp+bRYytWMtrmhja91h118Mbm90cUfcLPwkdiINgJNTXhPKg5Cqu3VYn0="
-    on:
-      branch: auto
-      condition: $DEPLOY_ALT = 1
-
-  # These two providers are the same as the two above, except deploy on the
-  # try branch. Travis does not appear to provide a way to use "or" in these
-  # conditions.
-  - provider: s3
-    bucket: rust-lang-ci2
-    skip_cleanup: true
-    local_dir: deploy
-    upload_dir: rustc-builds
-    acl: public_read
-    region: us-west-1
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: "kUGd3t7JcVWFESgIlzvsM8viZgCA9Encs3creW0xLJaLSeI1iVjlJK4h/2/nO6y224AFrh/GUfsNr4/4AlxPuYb8OU5oC5Lv+Ff2JiRDYtuNpyQSKAQp+bRYytWMtrmhja91h118Mbm90cUfcLPwkdiINgJNTXhPKg5Cqu3VYn0="
-    on:
-      branch: try
-      condition: $DEPLOY = 1
-
-  - provider: s3
-    bucket: rust-lang-ci2
-    skip_cleanup: true
-    local_dir: deploy
-    upload_dir: rustc-builds-alt
-    acl: public_read
-    region: us-west-1
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: "kUGd3t7JcVWFESgIlzvsM8viZgCA9Encs3creW0xLJaLSeI1iVjlJK4h/2/nO6y224AFrh/GUfsNr4/4AlxPuYb8OU5oC5Lv+Ff2JiRDYtuNpyQSKAQp+bRYytWMtrmhja91h118Mbm90cUfcLPwkdiINgJNTXhPKg5Cqu3VYn0="
-    on:
-      branch: try
-      condition: $DEPLOY_ALT = 1

appveyor.yml

@@ -1,12 +1,5 @@
 environment:
-  SCCACHE_BUCKET: rust-lang-ci-sccache2
-  SCCACHE_REGION: us-west-1
-  AWS_ACCESS_KEY_ID: AKIAJAMV3QAMMA6AXHFQ
-  AWS_SECRET_ACCESS_KEY:
-    secure: 7Y+JiquYedOAgnUU26uL0DPzrxmTtR+qIwG6rNKSuWDffqU3vVZxbGXim9QpTO80
   SCCACHE_DIGEST: f808afabb4a4eb1d7112bcb3fa6be03b61e93412890c88e177c667eb37f46353d7ec294e559b16f9f4b5e894f2185fe7670a0df15fd064889ecbd80f0c34166c
-  TOOLSTATE_REPO_ACCESS_TOKEN:
-    secure: gKGlVktr7iuqCoYSxHxDE9ltLOKU0nYDEuQxvWbNxUIW7ri5ppn8L06jQzN0GGzN
 
   # By default schannel checks revocation of certificates unlike some other SSL
   # backends, but we've historically had problems on CI where a revocation
@@ -235,10 +228,8 @@ before_deploy:
 
 deploy:
   - provider: S3
-    skip_cleanup: true
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: tQWIE+DJHjXaV4np/3YeETkEmXngtIuIgAO/LYKQaUshGLgN8cBCFGG3cHx5lKLt
+    access_key_id: $(AWS_ACCESS_KEY_ID)
+    secret_access_key: $(AWS_SECRET_ACCESS_KEY)
     bucket: rust-lang-ci2
     set_public: true
     region: us-west-1
@@ -252,10 +243,8 @@ deploy:
   # This provider is the same as the one above except that it has a slightly
   # different upload directory and a slightly different trigger
   - provider: S3
-    skip_cleanup: true
-    access_key_id: AKIAJVBODR3IA4O72THQ
-    secret_access_key:
-      secure: tQWIE+DJHjXaV4np/3YeETkEmXngtIuIgAO/LYKQaUshGLgN8cBCFGG3cHx5lKLt
+    access_key_id: $(AWS_ACCESS_KEY_ID)
+    secret_access_key: $(AWS_SECRET_ACCESS_KEY)
     bucket: rust-lang-ci2
     set_public: true
     region: us-west-1

src/librustc_lint/unused.rs

@@ -29,7 +29,8 @@ use rustc::hir;
 declare_lint! {
     pub UNUSED_MUST_USE,
     Warn,
-    "unused result of a type flagged as #[must_use]"
+    "unused result of a type flagged as #[must_use]",
+    report_in_external_macro: true
 }
 
 declare_lint! {

src/librustc_resolve/resolve_imports.rs

@@ -36,7 +36,6 @@ use syntax_pos::{MultiSpan, Span};
 
 use std::cell::{Cell, RefCell};
 use std::collections::BTreeMap;
-use std::fmt::Write;
 use std::{mem, ptr};
 
 /// Contains data for specific types of import directives.
@@ -778,17 +777,14 @@ impl<'a, 'b:'a, 'c: 'b> ImportResolver<'a, 'b, 'c> {
 
             let msg = format!("`{}` import is ambiguous", name);
             let mut err = self.session.struct_span_err(span, &msg);
-            let mut suggestion_choices = String::new();
+            let mut suggestion_choices = vec![];
             if external_crate.is_some() {
-                write!(suggestion_choices, "`::{}`", name);
+                suggestion_choices.push(format!("`::{}`", name));
                 err.span_label(span,
                     format!("can refer to external crate `::{}`", name));
             }
             if let Some(result) = results.module_scope {
-                if !suggestion_choices.is_empty() {
-                    suggestion_choices.push_str(" or ");
-                }
-                write!(suggestion_choices, "`self::{}`", name);
+                suggestion_choices.push(format!("`self::{}`", name));
                 if uniform_paths_feature {
                     err.span_label(result.span,
                         format!("can refer to `self::{}`", name));
@@ -801,7 +797,7 @@ impl<'a, 'b:'a, 'c: 'b> ImportResolver<'a, 'b, 'c> {
                 err.span_label(result.span,
                     format!("shadowed by block-scoped `{}`", name));
             }
-            err.help(&format!("write {} explicitly instead", suggestion_choices));
+            err.help(&format!("write {} explicitly instead", suggestion_choices.join(" or ")));
             if uniform_paths_feature {
                 err.note("relative `use` paths enabled by `#![feature(uniform_paths)]`");
             } else {

src/libstd/sys/unix/process/process_common.rs

@@ -141,6 +141,10 @@ impl Command {
     pub fn get_argv(&self) -> &Vec<*const c_char> {
         &self.argv.0
     }
+    #[cfg(not(target_os = "fuchsia"))]
+    pub fn get_program(&self) -> &CString {
+        return &self.program;
+    }
 
     #[allow(dead_code)]
     pub fn get_cwd(&self) -> &Option<CString> {
@@ -244,6 +248,10 @@ impl CStringArray {
     pub fn as_ptr(&self) -> *const *const c_char {
         self.ptrs.as_ptr()
     }
+    #[cfg(not(target_os = "fuchsia"))]
+    pub fn get_items(&self) -> &[CString] {
+        return &self.items;
+    }
 }
 
 fn construct_envp(env: BTreeMap<DefaultEnvKey, OsString>, saw_nul: &mut bool) -> CStringArray {

src/libstd/sys/unix/process/process_unix.rs

@@ -8,6 +8,8 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
+use env;
+use ffi::CString;
 use io::{self, Error, ErrorKind};
 use libc::{self, c_int, gid_t, pid_t, uid_t};
 use ptr;
@@ -39,13 +41,15 @@ impl Command {
             return Ok((ret, ours))
         }
 
+        let possible_paths = self.compute_possible_paths(envp.as_ref());
+
         let (input, output) = sys::pipe::anon_pipe()?;
 
         let pid = unsafe {
             match cvt(libc::fork())? {
                 0 => {
                     drop(input);
-                    let err = self.do_exec(theirs, envp.as_ref());
+                    let err = self.do_exec(theirs, envp.as_ref(), possible_paths);
                     let errno = err.raw_os_error().unwrap_or(libc::EINVAL) as u32;
                     let bytes = [
                         (errno >> 24) as u8,
@@ -113,12 +117,48 @@ impl Command {
                                   "nul byte found in provided data")
         }
 
+        let possible_paths = self.compute_possible_paths(envp.as_ref());
         match self.setup_io(default, true) {
-            Ok((_, theirs)) => unsafe { self.do_exec(theirs, envp.as_ref()) },
+            Ok((_, theirs)) => unsafe { self.do_exec(theirs, envp.as_ref(), possible_paths) },
             Err(e) => e,
         }
     }
 
+    fn compute_possible_paths(&self, maybe_envp: Option<&CStringArray>) -> Option<Vec<CString>> {
+        let program = self.get_program().as_bytes();
+        if program.contains(&b'/') {
+            return None;
+        }
+        // Outside the match so we can borrow it for the lifetime of the function.
+        let parent_path = env::var("PATH").ok();
+        let paths = match maybe_envp {
+            Some(envp) => {
+                match envp.get_items().iter().find(|var| var.as_bytes().starts_with(b"PATH=")) {
+                    Some(p) => &p.as_bytes()[5..],
+                    None => return None,
+                }
+            },
+            // maybe_envp is None if the process isn't changing the parent's env at all.
+            None => {
+                match parent_path.as_ref() {
+                    Some(p) => p.as_bytes(),
+                    None => return None,
+                }
+            },
+        };
+
+        let mut possible_paths = vec![];
+        for path in paths.split(|p| *p == b':') {
+            let mut binary_path = Vec::with_capacity(program.len() + path.len() + 1);
+            binary_path.extend_from_slice(path);
+            binary_path.push(b'/');
+            binary_path.extend_from_slice(program);
+            let c_binary_path = CString::new(binary_path).unwrap();
+            possible_paths.push(c_binary_path);
+        }
+        return Some(possible_paths);
+    }
+
     // And at this point we've reached a special time in the life of the
     // child. The child must now be considered hamstrung and unable to
     // do anything other than syscalls really. Consider the following
@@ -152,7 +192,8 @@ impl Command {
     unsafe fn do_exec(
         &mut self,
         stdio: ChildPipes,
-        maybe_envp: Option<&CStringArray>
+        maybe_envp: Option<&CStringArray>,
+        maybe_possible_paths: Option<Vec<CString>>,
     ) -> io::Error {
         use sys::{self, cvt_r};
 
@@ -193,9 +234,6 @@ impl Command {
         if let Some(ref cwd) = *self.get_cwd() {
             t!(cvt(libc::chdir(cwd.as_ptr())));
         }
-        if let Some(envp) = maybe_envp {
-            *sys::os::environ() = envp.as_ptr();
-        }
 
         // emscripten has no signal support.
         #[cfg(not(any(target_os = "emscripten")))]
@@ -231,8 +269,53 @@ impl Command {
             t!(callback());
         }
 
-        libc::execvp(self.get_argv()[0], self.get_argv().as_ptr());
-        io::Error::last_os_error()
+        // If the program isn't an absolute path, and our environment contains a PATH var, then we
+        // implement the PATH traversal ourselves so that it honors the child's PATH instead of the
+        // parent's. This mirrors the logic that exists in glibc's execvpe, except using the
+        // child's env to fetch PATH.
+        match maybe_possible_paths {
+            Some(possible_paths) => {
+                let mut pending_error = None;
+                for path in possible_paths {
+                    libc::execve(
+                        path.as_ptr(),
+                        self.get_argv().as_ptr(),
+                        maybe_envp.map(|envp| envp.as_ptr()).unwrap_or_else(|| *sys::os::environ())
+                    );
+                    let err = io::Error::last_os_error();
+                    match err.kind() {
+                        io::ErrorKind::PermissionDenied => {
+                            // If we saw a PermissionDenied, and none of the other entries in
+                            // $PATH are successful, then we'll return the first EACCESS we see.
+                            if pending_error.is_none() {
+                                pending_error = Some(err);
+                            }
+                        },
+                        // Errors which indicate we failed to find a file are ignored and we try
+                        // the next entry in the path.
+                        io::ErrorKind::NotFound | io::ErrorKind::TimedOut => {
+                            continue
+                        },
+                        // Any other error means we found a file and couldn't execute it.
+                        _ => {
+                            return err;
+                        }
+                    }
+                }
+                if let Some(err) = pending_error {
+                    return err;
+                }
+                return io::Error::from_raw_os_error(libc::ENOENT);
+            },
+            _ => {
+                libc::execve(
+                    self.get_argv()[0],
+                    self.get_argv().as_ptr(),
+                    maybe_envp.map(|envp| envp.as_ptr()).unwrap_or_else(|| *sys::os::environ())
+                );
+                return io::Error::last_os_error()
+            }
+        }
     }
 
     #[cfg(not(any(target_os = "macos", target_os = "freebsd",