[Toybox] [PATCH] taskset: fix buffer overflow from long mask

Jesse Rosenstock jmr at google.com
Wed Aug 27 00:50:42 PDT 2025


On Mon, Aug 4, 2025 at 5:32 PM Rob Landley <rob at landley.net> wrote:
> On 6/24/25 02:21, Jesse Rosenstock wrote:
> > On Mon, Jun 23, 2025 at 10:22 PM Rob Landley <rob at landley.net> wrote:
> >> tl;dr: commit 105a72fd53c2
> >
> > This handles long masks differently than util-linux:
>
> It handles them the way my debian variant laptop handles them:
>
> $ taskset $( printf %99999s | tr ' ' 0 )f echo ok
> ok
> $ dpkg-query -S $(which taskset)
> util-linux: /usr/bin/taskset
> landley at driftwood:~/linux/linux$ aptitude show util-linux | grep Version
> Version: 2.38.1-5+deb12u3devuan1
>
> If util-linux has had version skew and behaves inconsistently, I'm not
> sure this is a good thing to test?

I don't see any version skew. This is what I reported for util-linux in
http://lists.landley.net/pipermail/toybox-landley.net/2025-June/030748.html

The problem is this isn't what toybox does:
% ./toybox taskset $( printf %99999s | tr ' ' 0 )f echo ok
taskset: failed to set pid 1458379's affinity: Invalid argument

Could you take a look at my
http://lists.landley.net/pipermail/toybox-landley.net/2025-June/030748.html
patch again?

> It's easy to make work, the question is whether diverging from the
> gnu/dammit (or the linux/notinventedhere) version is worth it.

I ended up adding zero-pid support to util-linux (which toybox already had).
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=6c87a3ac5ee96194e0e461db24b1bbfe369bdb59

> $ (taskset -p 1 $PID $BASHPID)
> pid 15207's current affinity mask: 1
> pid 15207's new affinity mask: 1
>
> That's just LEVELS of wrong...

I think that's just an input validation bug.  Only one pid is
documented as being supported.
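
An added example, not code from the patch, toybox, or util-linux: one way to parse a hex affinity mask into a fixed-size buffer so that any number of leading zeros is accepted, as in the util-linux run quoted above, while no byte is ever written past the end. The function name, the 16-byte buffer and the least-significant-byte-first layout are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not toybox or util-linux code): parse a hex CPU mask
 * into mask[0..len-1], least significant byte first. Returns 0 on success,
 * -1 on an empty string, a bad digit, or a set bit that does not fit. */
int parse_hex_mask(const char *s, unsigned char *mask, size_t len)
{
    size_t n, i;

    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) s += 2;
    n = strlen(s);
    if (!n) return -1;
    memset(mask, 0, len);

    /* Walk from the last digit (lowest nibble) toward the first. */
    for (i = 0; i < n; i++) {
        char c = s[n - 1 - i];
        unsigned digit;

        if (c >= '0' && c <= '9') digit = c - '0';
        else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
        else return -1;

        if (i / 2 >= len) {
            /* Beyond the buffer: a leading zero is harmless, a set bit
             * is an error. Either way nothing is written here. */
            if (digit) return -1;
            continue;
        }
        mask[i / 2] |= (unsigned char)(digit << (4 * (i & 1)));
    }
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char mask[16]; /* constructed size: room for 128 CPUs */
    int i;

    if (argc != 2 || parse_hex_mask(argv[1], mask, sizeof(mask))) {
        fprintf(stderr, "usage: %s HEXMASK (must fit in 128 bits)\n", argv[0]);
        return 1;
    }
    for (i = sizeof(mask) - 1; i >= 0; i--) printf("%02x", mask[i]);
    putchar('\n');
    return 0;
}
```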

