[Toybox] memcpy overlap in ps

Rob Landley rob at landley.net
Sat Oct 8 15:35:31 PDT 2016


On 10/07/2016 03:38 PM, Evgenii Stepanov wrote:
> Looks like this happens when /proc/$PID/cmdline is empty, which is
> true for "kthreadd" on android.
> Numbered strings below are ptb->str + ptb->offset[i].
> For some reason ptb->slot[SLOT_argv0len] == 8 when cmdline is empty,
> but I don't see where it's coming from.
> And ptb->str + ptb->offset[4] + ptb->slot[SLOT_argv0len] overlaps with
> buf; and there are no "/" characters in cmdline to limit the memcpy
> range.
> Looks like a bug?

Yes it does.

Sigh, I was too clever and omitted a test because the result should be
overwritten later, but there's a case where the result _isn't_
overwritten later, and thus... Actually I can just move the assignment
one curly bracket out and that should fix it.

However, there's another bug, which is manifesting in "CMDLINE" showing
the arguments but not the command name... Ah, I see. "ps -w" isn't
disabling the "truncate this field to fit its assigned width" logic.
(It's making the screen width 99999, but only the last field gets
arbitrarily expanded. I tested with "ps -awO cmdline" and that inserts
the new field in the middle, which means even with -w it's getting
truncated to the field width of 27.)

Hmmm... we've already got overflow logic for numeric fields (which can
extend into later fields and then it reclaims extra spaces when it can
to adjust things back to line up later), I'll just have -w trigger that
for all fields.

Ok, I've checked both in, did that fix it for you?

Rob
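The two failure modes discussed in this thread, an empty /proc/$PID/cmdline and a copy whose source and destination overlap, can be exercised in isolation. The following is an added example written for this page; it is not toybox's ps code and does not use its ptb/slot structures. The function names (argv0_len, basename_off, copy_basename, sample_basename_ok) and the sample cmdline bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not toybox code. It models reading argv[0] out of a
 * /proc/PID/cmdline buffer (arguments separated by NUL bytes) and copying
 * its basename into a destination that may overlap the source. */

/* Length of argv[0]: bytes up to the first NUL. An empty buffer yields 0,
 * so a kernel thread such as kthreadd cannot leave a stale length behind. */
size_t argv0_len(const char *cmdline, size_t len)
{
    if (!cmdline || len == 0) return 0;
    const char *nul = memchr(cmdline, 0, len);
    return nul ? (size_t)(nul - cmdline) : len;
}

/* Offset of the basename inside argv[0]: one past the last '/', or 0 when
 * there is no '/' at all. The scan is bounded by the argv[0] length, so a
 * slash-free or empty field never sends the search past its own bytes. */
size_t basename_off(const char *argv0, size_t len)
{
    size_t off = 0;
    for (size_t i = 0; i < len; i++)
        if (argv0[i] == '/') off = i + 1;
    return off;
}

/* Copy the basename of argv[0] into dst, which may be the same buffer as
 * cmdline (overlapping). memmove is defined for overlap; memcpy is not.
 * Never writes more than dstlen bytes and always NUL-terminates.
 * Returns the number of bytes copied, excluding the terminator. */
size_t copy_basename(char *dst, size_t dstlen, const char *cmdline, size_t len)
{
    if (!dst || dstlen == 0) return 0;
    size_t alen = argv0_len(cmdline, len);
    size_t off = basename_off(cmdline, alen);
    size_t n = alen - off;
    if (n > dstlen - 1) n = dstlen - 1;
    memmove(dst, cmdline + off, n);
    dst[n] = 0;
    return n;
}

/* Constructed sample: argv[0] with a path, one argument, trailing NUL.
 * The copy is done in place so source and destination overlap. */
int sample_basename_ok(void)
{
    char buf[64];
    static const char sample[] = "/system/bin/app_process\0--zygote\0";
    size_t len = sizeof sample - 1;   /* 33 bytes including embedded NULs */
    memcpy(buf, sample, len);
    size_t n = copy_basename(buf, sizeof buf, buf, len);
    return n == 11 && strcmp(buf, "app_process") == 0;
}

int main(void)
{
    char out[16];
    printf("in-place basename ok: %d\n", sample_basename_ok());
    /* Empty cmdline (kernel thread): nothing is copied, out is "". */
    printf("empty cmdline copied %zu bytes\n", copy_basename(out, sizeof out, "", 0));
    return 0;
}
```

The two points to take from it: the length of argv[0] must be derived from the buffer actually read (zero for an empty cmdline) rather than from a value that is only sometimes overwritten, and any copy that can land inside its own source must use memmove, whose behaviour is defined for overlap.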
