[Toybox] [PATCH] taskset: fix buffer overflow from long mask
Rob Landley
rob at landley.net
Mon Aug 4 08:32:05 PDT 2025
I composed this long ago while my laptop wasn't connected to the net,
and it got buried behind other windows unsent. Not sure how relevant it
still is but for the record...
On 6/24/25 02:21, Jesse Rosenstock wrote:
> On Mon, Jun 23, 2025 at 10:22 PM Rob Landley <rob at landley.net> wrote:
>> tl;dr: commit 105a72fd53c2
>
> This handles long masks differently than util-linux:
It handles them the way my debian variant laptop handles them:
$ taskset $( printf %99999s | tr ' ' 0 )f echo ok
ok
$ dpkg-query -S $(which taskset)
util-linux: /usr/bin/taskset
landley at driftwood:~/linux/linux$ aptitude show util-linux | grep Version
Version: 2.38.1-5+deb12u3devuan1
If util-linux has had version skew and behaves inconsistently, I'm not
sure this is a good thing to test?
>> To be honest, I'm pretty sure I used 4096 there so I wouldn't have to
>> wrap the line at 80 chars. :)
>
> Seems likely, since sizeof(toybox) is used above and the formatting is
> scrunched.
>
>> Fuzz? Ah, your first hunk starts with a blank line instead of the
>> comment added in commit 5afab26b9c98 three years ago.
>
> I'm sorry for that. I made the patch against a version in our
> monorepo that I had
> assumed was up-to-date. It won't happen again.
Long ago I wrote up an explanation for busybox's faq about why open
source projects are so fiddly about current versions:
https://git.busybox.net/busybox/commit/?id=95718b3091
Then Denys added a large busybox-specific blob into the middle of it, so
it could no longer serve as a model for other open source projects:
https://git.busybox.net/busybox-website/commit/?id=b5b49db05179
I keep meaning to port a lot of my old FAQ entries to toybox's FAQ,
but... there was a pandemic, and a move across country, and some orange
idiot driving friends of mine to move overseas...
>> So the next obvious thing to do is "taskset 2 taskset", which doesn't
>> work because running taskset with no arguments doesn't tell you the
>> current process's mask (inherited from the parent process)
>
> I would like this, too. I can try sending util-linux a patch if you
> don't want to.
It's easy to make work, the question is whether diverging from the
gnu/dammit (or the linux/notinventedhere) version is worth it.
I suppose I could add "taskset -u" to act like a unix command. Only
produce output when it means something, do so in easily machine
parseable format, treat no arguments as a request for information....
while I'm at it, have -up accept multiple -p arguments because HONESTLY...
$ (taskset -p 1 $PID $BASHPID)
pid 15207's current affinity mask: 1
pid 15207's new affinity mask: 1
That's just LEVELS of wrong...
(Should I fix -p for non-u, or continue to match the TERRIBLY DESIGNED
upstream taskset...)
Rob
More information about the Toybox
mailing list