Heap buffer underflow in find_argv_from_env #131

Open
itamaro opened this issue May 21, 2023 · 2 comments

itamaro commented May 21, 2023

When running one of our applications that uses setproctitle under clang ASAN, it detected a heap buffer underflow in `find_argv_from_env`.

This gist (and this godbolt) demonstrate the issue using a minimal test program that copies `find_argv_from_env` with minor modifications to build standalone.

When running with one arg (e.g. `./test 1`) it fires on `if (*ptr) ...`, and when running with no args (e.g. `./test`) it fires on `if (strcmp(ptr, arg0)) ...`.

The gist includes the full output from both runs.

@dvarrazzo (Owner)

Will look into that, thank you for the report.

If you would like to provide a MR, as you have these tools already set up, it would be welcome.

itamaro commented May 23, 2023

> If you would like to provide a MR, as you have these tools already set up, it would be welcome.

I'd be happy to send one, but I don't know how to fix the issue :)
If you have guidance, I can give it a try and test again.
