From 6928fbc3a11c862a576433f17c73a2133a8c7d26 Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Sat, 8 Oct 2016 17:27:12 -0500
Subject: Evgenii Stepanov found a bug where argv0len was set wrong for threads (no /proc/$PID/cmdline so setting was skipped and previous value retained), which led to memcpy() with an overlapping source/dest range (annoying asan). Fix: move temp variable and assignment outside the if() statement so we assign zero if we can''t read the file.
---
 toys/posix/ps.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'toys/posix')
diff --git a/toys/posix/ps.c b/toys/posix/ps.c
index 011a43e3..7a8327f3 100644
--- a/toys/posix/ps.c
+++ b/toys/posix/ps.c
@@ -815,10 +815,10 @@ static int get_ps(struct dirtree *new)
 // Data we want is in a file.
 // Last length saved in slot[] is command line (which has embedded NULs)
 } else {
+ int temp = 0;
 // When command has no arguments, don't space over the NUL
 if (readfileat(fd, buf, buf, &len) && len>0) {
- int temp = 0;
 // Trim trailing whitespace and NUL bytes
 while (len)
@@ -836,10 +836,11 @@ static int get_ps(struct dirtree *new)
 } else if (!TT.tty && c<' ') c = '?';
 buf[i] = c;
 }
- // Store end of argv[0] so ARGS and CMDLINE can differ.
- // We do it for each file string slot but last is cmdline, which sticks.
- slot[SLOT_argv0len] = temp ? temp : len; // Position of _first_ NUL
 } else *buf = len = 0;
+
+ // Store end of argv[0] so ARGS and CMDLINE can differ.
+ // We do it for each file string slot but last is cmdline, which sticks.
+ slot[SLOT_argv0len] = temp ? temp : len; // Position of _first_ NUL
 }
 // Above calculated/retained len, so we don't need to re-strlen.
--
cgit v1.2.3
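Review bot: `int temp = 0;` now has the whole `else` branch as its scope, and the name gives no hint that it ends up in `slot[SLOT_argv0len]`; a comment at the declaration would help, for example `int temp = 0; // offset of first NUL (end of argv[0]); 0 = none seen`. Using 0 as the "none seen" value presumably cannot tell a NUL at offset 0 apart from no NUL at all, in which case the later `temp ? temp : len` falls back to `len`; worth confirming that this is intended. The code that sets `temp` lies between the two hunks and is not visible here.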
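Review bot: The relocated comment above `slot[SLOT_argv0len] = temp ? temp : len;` still explains only what is stored, not why the store must also run when the read fails, so a later cleanup could move it back inside the `if`. Per the commit message, threads have no cmdline to read and the retained value from the previous entry led to a memcpy() with overlapping ranges; I would add `// Must run even when the read failed: a stale argv0len from the previous entry feeds the later memcpy().` The consumer of this slot is outside the hunk, so it may also be worth checking there that argv0len never exceeds the length of the string it indexes, which would bound the copy independently of this assignment. get_ps() continues past the end of the hunk.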