[Toybox] memcpy overlap in ps
enh
enh at google.com
Mon Oct 3 17:22:34 PDT 2016
from the AOSP gerrit (fixing internal bug 30074257). i've been meaning
to look at this more closely for a couple of months, but haven't found
the time. i too wasn't sure whether switching to memmove was actually
the fix or just papering over a real problem...
Evgenii Stepanov has uploaded a new change for review.
( https://googleplex-android-review.git.corp.google.com/1504922 )
Change subject: Replace one memcpy with memmove.
......................................................................
Replace one memcpy with memmove.
ASan says that memcpy in ps.c:767 may have overlapping input and
output buffers.
AddressSanitizer: memcpy-param-overlap: memory ranges
[0x005579b8494b,0x005579b84953) and [0x005579b8494a, 0x005579b84952)
overlap
#0 0x7cdfb3d7cf in __asan_memcpy [asan_rtl] (discriminator 55)
#1 0x5579b4baa3 in get_ps external/toybox/toys/posix/ps.c:767
#2 0x5579aeef2b in dirtree_handle_callback external/toybox/lib/dirtree.c:111
#3 0x5579aef0b7 in dirtree_recurse external/toybox/lib/dirtree.c:154
#4 0x5579aeefbf in dirtree_handle_callback external/toybox/lib/dirtree.c:114
#5 0x5579b48217 in ps_main external/toybox/toys/posix/ps.c:1219
#6 0x5579afb887 in toy_exec external/toybox/main.c:153 (discriminator 1)
#7 0x5579afae2b in toybox_main external/toybox/main.c:166 (discriminator 1)
#8 0x5579afba23 in main external/toybox/main.c:225
This does look intentional, so replacing memcpy with memmove. I'm not
100% sure this is right though (not even 80%).
Test: "adb shell ps" in a SANITIZE_TARGET=address build
Change-Id: I7b1d8a251feaf8c4b7261a4bbb21bf742cdc3ff0
---
M toys/posix/ps.c
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/toys/posix/ps.c b/toys/posix/ps.c
index 011a43e..5871f4c 100644
--- a/toys/posix/ps.c
+++ b/toys/posix/ps.c
@@ -764,7 +764,7 @@
}
}
if (i<len) len = i;
- memcpy(buf, s, len);
+ memmove(buf, s, len);
buf[len] = 0;
}
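Review bot: memmove is the right primitive for an in-place shift, but the hunk leaves the aliasing itself undocumented: the two ASan ranges quoted in the commit message start exactly one byte apart, so s and buf refer to the same storage, and nothing in the hunk shows how s and len are derived or that buf has room for len+1 bytes before the `buf[len] = 0;` write that follows. Suggest a one-line comment above the memmove stating that s points into buf and why the one-byte shift is intended; that would also answer the commit message's own doubt about whether this is the fix or merely silences the report.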
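As an added example (not toybox code and not part of the patch above), the C below implements the same half-open range test ASan applies before memcpy, feeds it the two addresses from the report, and performs the aliasing copy with memmove so the result is well-defined; the buffer contents and the `copy_trimmed`/`shift_in_place_demo` names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The check ASan performs for memcpy-param-overlap: do the half-open
 * ranges [dst, dst+len) and [src, src+len) share at least one byte? */
bool ranges_overlap(uintptr_t dst, uintptr_t src, size_t len)
{
  if (!len) return false;
  return dst < src + len && src < dst + len;
}

/* Same shape as the copy at the end of get_ps() with the fix applied:
 * clamp len to i, copy, NUL-terminate. Returns the bytes copied. */
size_t copy_trimmed(char *buf, const char *s, size_t len, size_t i)
{
  if (i < len) len = i;
  memmove(buf, s, len);   /* defined even when s points into buf */
  buf[len] = 0;
  return len;
}

/* Constructed reproduction of the aliasing ASan saw: s is buf+1, so the
 * copy shifts the buffer's own contents down by one byte. memcpy on such
 * ranges is undefined behaviour; memmove gives the exact result. */
const char *shift_in_place_demo(void)
{
  static char buf[32];
  strcpy(buf, "Xfirefox");          /* one junk byte, then the name */
  const char *s = buf + 1;          /* source aliases destination */
  size_t len = strlen(s);
  if (!ranges_overlap((uintptr_t)buf, (uintptr_t)s, len)) return NULL;
  copy_trimmed(buf, s, len, 8);     /* i=8 > len, so nothing is trimmed */
  return buf;                       /* "firefox" */
}

int main(void)
{
  /* The two ranges from the ASan report: one byte apart, length 8 */
  printf("report ranges overlap: %d\n",
         ranges_overlap(0x005579b8494bULL, 0x005579b8494aULL, 8));
  printf("after memmove: %s\n", shift_in_place_demo());
  return 0;
}
```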