[Toybox] [PATCH] xargs: fix for 32-bit.
enh
enh at google.com
Fri Jul 26 14:32:00 PDT 2019
This affects both arm and x86, causing a signed comparison rather than
an unsigned one.
Here's arm:
if (data <= (char *)2) data = 0;
51ecc: 2902 cmp r1, #2
51ece: d905 bls.n 51edc <xargs_main+0x158>
if ((long)data <= 2) data = 0;
51ecc: 2902 cmp r1, #2
51ece: dc02 bgt.n 51ed6 <xargs_main+0x152>
And x86 was similar (and was where I first stumbled across this bug):
if (data <= (char *)2) data = 0;
73ad7: 83 f8 02 cmp $0x2,%eax
73ada: 76 12 jbe 73aee <xargs_main+0x223>
if ((long)data <= 2) data = 0;
73ad7: 83 f8 02 cmp $0x2,%eax
73ada: 7e 12 jle 73aee <xargs_main+0x223>
For some reason, on the desktop I seem to see heap addresses low enough
to not appear negative, whereas Android seems to fail every time.
jemalloc is presumably more likely to allocate high?
While I'm here, make it clearer that we're ignoring the allocated length
argument to getdelim(), and stop storing the actual length at all
because we don't use it afterwards. This wasn't _wrong_, but it was a
red herring when I started debugging.
---
toys/posix/xargs.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-xargs-fix-for-32-bit.patch
Type: text/x-patch
Size: 2329 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20190726/bed53411/attachment-0002.bin>
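The signed-versus-unsigned comparison described above, as an added C example that is not part of the patch or of toybox: it emulates a 32-bit `long` with `int32_t` so the misbehaviour reproduces on a 64-bit host, and shows a width-agnostic `uintptr_t` form of the check. The sample addresses and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The buggy form, (long)data <= 2, with a 32-bit long: any address at or
 * above 0x80000000 becomes negative after the cast and so passes the test
 * even though it is a real pointer (two's-complement wrap, as gcc/clang do). */
static int sentinel_signed32(uint32_t addr)
{
    return (int32_t)addr <= 2;
}

/* The fixed form, data <= (char *)2: an unsigned comparison, so only the
 * three small sentinel values 0, 1 and 2 match. */
static int sentinel_unsigned32(uint32_t addr)
{
    return addr <= 2;
}

/* The same check against a real pointer on the host, correct at any width. */
static int is_sentinel(const char *data)
{
    return (uintptr_t)data <= 2;
}

/* Width of long on this host, so the reader can see which case applies. */
static int long_bits(void)
{
    return (int)(sizeof(long) * 8);
}

int main(void)
{
    /* Constructed addresses: the sentinels, a low heap address such as a
     * desktop allocator might return, and a high one as seen on 32-bit Android. */
    uint32_t samples[] = { 0, 1, 2, 0x0804a000u, 0xb6f2c010u };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("0x%08x  signed:%d  unsigned:%d\n", samples[i],
               sentinel_signed32(samples[i]), sentinel_unsigned32(samples[i]));

    char *heap = malloc(16);
    printf("long is %d bits; heap pointer %p is_sentinel=%d\n",
           long_bits(), (void *)heap, is_sentinel(heap));
    free(heap);
    return 0;
}
```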