author | Rob Landley <rob@landley.net> | 2016-10-08 17:27:12 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2016-10-08 17:27:12 -0500 |
commit | 6928fbc3a11c862a576433f17c73a2133a8c7d26 (patch) | |
tree | 9942d90a734156d945c1fa246dc30db6d3108d9f | |
parent | cefc0a2183f57173dab47cf89fcb37e7a827f258 (diff) | |
download | toybox-6928fbc3a11c862a576433f17c73a2133a8c7d26.tar.gz |
Evgenii Stepanov found a bug where argv0len was set wrong for threads
(no /proc/$PID/cmdline so setting was skipped and previous value retained),
which led to memcpy() with an overlapping source/dest range (annoying asan).
Fix: move temp variable and assignment outside the if() statement so we assign
zero if we can't read the file.
-rw-r--r-- | toys/posix/ps.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/toys/posix/ps.c b/toys/posix/ps.c index 011a43e3..7a8327f3 100644 --- a/toys/posix/ps.c +++ b/toys/posix/ps.c @@ -815,10 +815,10 @@ static int get_ps(struct dirtree *new) // Data we want is in a file. // Last length saved in slot[] is command line (which has embedded NULs) } else { + int temp = 0; // When command has no arguments, don't space over the NUL if (readfileat(fd, buf, buf, &len) && len>0) { - int temp = 0; // Trim trailing whitespace and NUL bytes while (len) @@ -836,10 +836,11 @@ static int get_ps(struct dirtree *new) } else if (!TT.tty && c<' ') c = '?'; buf[i] = c; } - // Store end of argv[0] so ARGS and CMDLINE can differ. - // We do it for each file string slot but last is cmdline, which sticks. - slot[SLOT_argv0len] = temp ? temp : len; // Position of _first_ NUL } else *buf = len = 0; + + // Store end of argv[0] so ARGS and CMDLINE can differ. + // We do it for each file string slot but last is cmdline, which sticks. + slot[SLOT_argv0len] = temp ? temp : len; // Position of _first_ NUL } // Above calculated/retained len, so we don't need to re-strlen. |
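Review bot: In the hunk at @@ -815,10, `int temp = 0;` now sits at the top of the else block with nothing saying what it holds, while its only visible read is the relocated `slot[SLOT_argv0len] = temp ? temp : len;` in the next hunk. With the wider scope, a one-line comment on the declaration would help: going by the trailing comment on that assignment it is the position of the first NUL, and a value of 0 falls back to len. A more descriptive name than `temp` would do the same job and make it obvious that the fix depends on the zero initializer.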
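Review bot: In the hunk at @@ -836,10, the two comment lines moved together with the `slot[SLOT_argv0len]` assignment still describe only the successful read. They do not mention that the assignment now also runs after `else *buf = len = 0;`, where temp and len are both 0, so a failed read stores 0 instead of retaining the value from the previous entry. That is the whole point of the fix according to the commit message, so I would add a line to the comment saying so (for example that threads have no cmdline and must get 0 here), which also keeps a later cleanup from moving the assignment back inside the if().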