util-linux.vger.kernel.org archive mirror
From: Karel Zak <kzak@redhat.com>
To: Sami Kerola <kerolasa@iki.fi>
Cc: util-linux@vger.kernel.org
Subject: Re: [PATCH 10/10] ipcs: fix two data type errors [AddressSanitizer]
Date: Mon, 8 Dec 2014 13:21:02 +0100	[thread overview]
Message-ID: <20141208122102.GF19904@x2.net.home> (raw)
In-Reply-To: <1417355862-16935-11-git-send-email-kerolasa@iki.fi>

On Sun, Nov 30, 2014 at 01:57:42PM +0000, Sami Kerola wrote:
> ==3218==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffa577e2b0 at pc 0x4501f9 bp 0x7fffa577e130 sp 0x7fffa577e108
> WRITE of size 112 at 0x7fffa577e2b0 thread T0
>     #0 0x4501f8 in shmctl /home/users/aadgrand/LLVM/releases/ubuntu/final/llvm.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:2502
>     #1 0x48bd13 in ipc_shm_get_info /home/travis/build/kerolasa/lelux-utiliteetit/sys-utils/ipcutils.c:157
>     #2 0x488884 in do_shm /home/travis/build/kerolasa/lelux-utiliteetit/sys-utils/ipcs.c:279
>     #3 0x4844a8 in main /home/travis/build/kerolasa/lelux-utiliteetit/sys-utils/ipcs.c:175
>     #4 0x2afb3f8c176c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
>     #5 0x48408c in _start (/home/travis/build/kerolasa/lelux-utiliteetit/ipcs+0x48408c)
> 
> Signed-off-by: Sami Kerola <kerolasa@iki.fi>
> ---
>  sys-utils/ipcutils.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
> index c45162a..3d5249c 100644
> --- a/sys-utils/ipcutils.c
> +++ b/sys-utils/ipcutils.c
> @@ -98,7 +98,7 @@ int ipc_shm_get_info(int id, struct shm_data **shmds)
>  	FILE *f;
>  	int i = 0, maxid;
>  	struct shm_data *p;
> -	struct shm_info dummy;
> +	struct shmid_ds dummy;
>  
>  	p = *shmds = xcalloc(1, sizeof(struct shm_data));
>  	p->next = NULL;
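Review bot: the new type of `dummy` needs a comment at its declaration, because a `struct shmid_ds` handed to SHM_INFO will look like a mistake to the next reader; the only reason it works is that it is at least as large as the `struct shm_info` the kernel fills in for that command and as the 112-byte write the sanitizer trace reports. `dummy` is never read in the hunks shown, so a one-liner such as `/* sized for any shmctl() output; contents unused */` would record that, and a union of `struct shmid_ds`, `struct shminfo` and `struct shm_info` would carry the intent in the type itself instead of in a comment.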
> @@ -154,7 +154,7 @@ int ipc_shm_get_info(int id, struct shm_data **shmds)
>  
>  	/* Fallback; /proc or /sys file(s) missing. */
>  shm_fallback:
> -	maxid = shmctl(0, SHM_INFO, (struct shmid_ds *) &dummy);
> +	maxid = shmctl(0, SHM_INFO, &dummy);
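Review bot: dropping the cast is the real fix in this hunk: `(struct shmid_ds *) &dummy` silenced the compiler's pointer-type check and let a too-small `struct shm_info` be passed as the SHM_INFO buffer, which is exactly the stack-buffer-overflow the trace in the commit message points at (ipcutils.c:157). With the cast gone the compiler now enforces the buffer type, so the same pattern should be removed from any other shmctl/semctl/msgctl call sites rather than re-cast. The hunk also ends before the error path of `maxid` is visible; please confirm the lines that follow handle `shmctl()` returning -1 before `maxid` is used.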

 ipc_shm_get_limits() is also broken

 The function shmctl() always has to be called with "struct shmid_ds"
 and then cast to the Linux-specific shmid_info struct.

 It would be nice to check that all the shm/sem/msgctl functions are
 really called with proper arguments.

 (Or we can define a union and use it as a buffer to make sure that
  the argument is large enough.)

 BTW, horrible API (or I need more coffee to understand this art).


    Karel
 

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com
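The union buffer Karel suggests, worked out below as an added example in C. This is not util-linux code and not part of the patch above; the union and function names are my own, and it assumes Linux with glibc (the structures come from <sys/shm.h>). A single buffer sized by the largest of the three output structures is valid for IPC_STAT/SHM_STAT, IPC_INFO and SHM_INFO, so no cast is needed and the kernel's output, or the sanitizer's conservative view of it, cannot overrun the stack. The size check function makes the original defect visible: a `struct shm_info` is smaller than a `struct shmid_ds`, which is why the cast in the old code was hiding a problem rather than fixing one.

```c
/* Added example (not util-linux code): one union buffer that is valid for
 * every shmctl(2) command, so no cast is needed and the output cannot
 * overrun the buffer. Linux only; _GNU_SOURCE exposes struct shminfo,
 * struct shm_info, SHM_STAT and IPC_INFO in glibc's headers. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* IPC_INFO is Linux ABI value 3; glibc only exposes it under _GNU_SOURCE. */
#ifndef IPC_INFO
#define IPC_INFO 3
#endif

/* Name is my own; the compiler sizes it by the largest member. */
union shm_ctl_buf {
	struct shmid_ds ds;     /* IPC_STAT, SHM_STAT (and input for IPC_SET) */
	struct shminfo  limits; /* IPC_INFO: system-wide limits (shmmax, ...) */
	struct shm_info info;   /* SHM_INFO: resource usage summary */
};

/* Bytes the kernel writes to the buffer for cmd; 0 if it writes nothing. */
size_t shm_ctl_out_size(int cmd)
{
	switch (cmd) {
	case IPC_STAT:
	case SHM_STAT:
		return sizeof(struct shmid_ds);
	case IPC_INFO:
		return sizeof(struct shminfo);
	case SHM_INFO:
		return sizeof(struct shm_info);
	default:
		return 0;	/* IPC_SET, IPC_RMID, SHM_LOCK, SHM_UNLOCK */
	}
}

/* 1 if a buffer of bufsize bytes can receive cmd's output without overflow.
 * This is the check the removed cast used to hide: a struct shm_info is
 * smaller than the struct shmid_ds the sanitizer's shmctl wrapper writes. */
int shm_ctl_buf_ok(int cmd, size_t bufsize)
{
	return bufsize >= shm_ctl_out_size(cmd);
}

/* Highest shm index in use (what the ipcs fallback wants), or -1 with errno. */
int shm_max_index(union shm_ctl_buf *buf)
{
	memset(buf, 0, sizeof(*buf));
	/* &buf->ds really is a struct shmid_ds *, so no cast is needed, and the
	 * union guarantees room for the struct shm_info actually filled in. */
	return shmctl(0, SHM_INFO, &buf->ds);
}

/* System-wide maximum segment size from IPC_INFO, or 0 on error. */
unsigned long shm_max_segment_size(union shm_ctl_buf *buf)
{
	memset(buf, 0, sizeof(*buf));
	if (shmctl(0, IPC_INFO, &buf->ds) < 0)
		return 0;
	return buf->limits.shmmax;
}

int main(void)
{
	union shm_ctl_buf b;
	int maxid, used;
	unsigned long shmmax;

	printf("sizeof shm_info=%zu shminfo=%zu shmid_ds=%zu union=%zu\n",
	       sizeof(struct shm_info), sizeof(struct shminfo),
	       sizeof(struct shmid_ds), sizeof(b));
	printf("struct shm_info buffer ok for SHM_INFO? %d  for IPC_STAT? %d\n",
	       shm_ctl_buf_ok(SHM_INFO, sizeof(struct shm_info)),
	       shm_ctl_buf_ok(IPC_STAT, sizeof(struct shm_info)));

	maxid = shm_max_index(&b);
	if (maxid < 0) {
		perror("shmctl(SHM_INFO)");
		return 1;
	}
	used = b.info.used_ids;		/* read before b is reused below */
	shmmax = shm_max_segment_size(&b);
	printf("max index=%d, segments in use=%d, shmmax=%lu\n",
	       maxid, used, shmmax);
	return 0;
}
```

The same pattern carries over to msgctl() and semctl(): a union of the command-specific output structures, with the member matching the command read back after the call, replaces a cast that only tells the compiler to stop checking.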

Thread overview: 34+ messages
2014-11-30 13:57 [PATCH 00/10] pull: AddressSanitizer round II Sami Kerola
2014-11-30 13:57 ` [PATCH 01/10] lib/mbalign: fix unsigned integer overflow [AddressSanitizer] Sami Kerola
2014-12-03 23:53   ` Pádraig Brady
2014-12-04 20:14     ` Sami Kerola
2014-12-07 11:56       ` Pádraig Brady
2014-12-08 11:00         ` Karel Zak
2014-12-04 11:51   ` Pádraig Brady
2014-11-30 13:57 ` [PATCH 02/10] cal: fix signed " Sami Kerola
2014-12-08 11:07   ` Karel Zak
2014-11-30 13:57 ` [PATCH 03/10] more: fix unsigned " Sami Kerola
2014-12-08 11:42   ` Karel Zak
2014-12-08 12:56     ` Sami Kerola
2014-12-19  9:20       ` Sami Kerola
2014-11-30 13:57 ` [PATCH 04/10] lib: fix crc32 and crc64 interger overflows [AddressSanitizer] Sami Kerola
2014-11-30 13:57 ` [PATCH 05/10] fdisk: (sgi) fix unsigned integer overflow [AddressSanitizer] Sami Kerola
2014-11-30 13:57 ` [PATCH 06/10] strutils: fix unsigned integer overflows [AddressSanitizer] Sami Kerola
2014-11-30 13:57 ` [PATCH 07/10] mkfs.cramfs: fix unsigned integer overflow [AddressSanitizer] Sami Kerola
2014-12-08 11:37   ` Karel Zak
2014-12-19  9:24     ` Sami Kerola
2014-11-30 13:57 ` [PATCH 08/10] include/c: define UL_ASAN_BLACKLIST address_sanitizer function attribute Sami Kerola
2014-11-30 16:42   ` Benno Schulenberg
2014-12-19  9:50     ` Sami Kerola
2014-11-30 13:57 ` [PATCH 09/10] lscpu: blacklist vmware_bdoor() AddressSanitizer check Sami Kerola
2014-11-30 16:34   ` Benno Schulenberg
2014-11-30 17:17     ` Sami Kerola
2014-11-30 17:27     ` Drake Wilson
2014-11-30 13:57 ` [PATCH 10/10] ipcs: fix two data type errors [AddressSanitizer] Sami Kerola
2014-12-08 12:21   ` Karel Zak [this message]
2014-12-19  9:26     ` Sami Kerola
2014-11-30 14:03 ` [PATCH 00/10] pull: AddressSanitizer round II Sami Kerola
2014-12-15  9:15 ` Karel Zak
2014-12-15 10:38   ` Sami Kerola
2014-12-19  9:52     ` Sami Kerola
2014-12-19 13:23 ` Karel Zak
