[Toybox] memcpy overlap in ps

Evgenii Stepanov eugenis at google.com
Mon Oct 10 10:49:31 PDT 2016


On Sat, Oct 8, 2016 at 3:35 PM, Rob Landley <rob at landley.net> wrote:
> On 10/07/2016 03:38 PM, Evgenii Stepanov wrote:
>> Looks like this happens when /proc/$PID/cmdline is empty, which is
>> true for "kthreadd" on android.
>> Numbered strings below are ptb->str + ptb->offset[i].
>> For some reason ptb->slot[SLOT_argv0len] == 8 when cmdline is empty,
>> but I don't see where it's coming from.
>> And ptb->str + ptb->offset[4] + ptb->slot[SLOT_argv0len] overlaps with
>> buf; and there are no "/" characters in cmdline to limit the memcpy
>> range.
>> Looks like a bug?
>
> Yes it does.
>
> Sigh, I was too clever and omitted a test because the result should be
> overwritten later, but there's a case where the result _isn't_
> overwritten later, and thus... Actually I can just move the assignment
> one curly bracket out and that should fix it.
>
> However, there's another bug, which is manifesting in "CMDLINE" showing
> the arguments but not the command name... Ah, I see. "ps -w" isn't
> disabling the "truncate this field to fit its assigned width" logic.
> (It's making the screen width 99999, but only the last field gets
> arbitrarily expanded. I tested with "ps -awO cmdline" and that inserts
> the new field in the middle, which means even with -w it's getting
> truncated to the field width of 27.)
>
> Hmmm... we've already got overflow logic for numeric fields (which can
> extend into later fields and then it reclaims extra spaces when it can
> to adjust things back to line up later), I'll just have -w trigger that
> for all fields.
>
> Ok, I've checked both in, did that fix it for you?

Yes, the report is gone. Thanks!

>
> Rob


More information about the Toybox mailing list