[Toybox] [PATCH] taskset: fix buffer overflow from long mask
Jesse Rosenstock
jmr at google.com
Mon Jun 23 08:38:02 PDT 2025
Previously, a long mask on the command line would overrun toybuf.
Use sizeof(toybuf) rather than 4096 when calling sched_getaffinity;
maybe toybuf's size will change.
Tested:
% toybox taskset $( yes f | head -n 8193 | tr -d '\n' ) true
taskset: mask too long
The util-linux taskset handles masks longer than zsh can construct:
taskset $( yes f | head -n 131000 | tr -d '\n' ) true
--- a/toys/other/taskset.c 2019-06-12 19:36:37.000000000 +0200
+++ b/toys/other/taskset.c 2025-06-23 14:47:26.000000000 +0200
@@ -74,6 +74,7 @@
memset(toybuf, 0, sizeof(toybuf));
k = strlen(s = *toys.optargs);
+ if (k > 2*sizeof(toybuf)) error_exit("mask too long");
s += k;
for (j = 0; j<k; j++) {
unsigned long digit = *(--s) - '0';
@@ -121,8 +122,9 @@
unsigned i, j, nproc = 0;
// This can only detect 32768 processors. Call getaffinity and count bits.
- if (!toys.optflags && -1!=sched_getaffinity(getpid(), 4096, toybuf)) {
- for (i = 0; i<4096; i++)
+ if (!toys.optflags
+ && -1 != sched_getaffinity(getpid(), sizeof(toybuf), toybuf)) {
+ for (i = 0; i<sizeof(toybuf); i++)
if (toybuf[i]) for (j=0; j<8; j++) if (toybuf[i]&(1<<j)) nproc++;
}
More information about the Toybox
mailing list