[Toybox] [PATCH] taskset: fix buffer overflow from long mask

Rob Landley rob at landley.net
Sat Sep 6 10:00:30 PDT 2025


On 8/27/25 02:50, Jesse Rosenstock wrote:
> On Mon, Aug 4, 2025 at 5:32 PM Rob Landley <rob at landley.net> wrote:
>> On 6/24/25 02:21, Jesse Rosenstock wrote:
>>> On Mon, Jun 23, 2025 at 10:22 PM Rob Landley <rob at landley.net> wrote:
>>>> tl;dr: commit 105a72fd53c2
>>>
>>> This handles long masks differently than util-linux:
>>
>> It handles them the way my debian variant laptop handles them:
>>
>> $ taskset $( printf %99999s | tr ' ' 0 )f echo ok
>> ok
>> $ dpkg-query -S $(which taskset)
>> util-linux: /usr/bin/taskset
>> landley at driftwood:~/linux/linux$ aptitude show util-linux | grep Version
>> Version: 2.38.1-5+deb12u3devuan1
>>
>> If util-linux has had version skew and behaves inconsistently, I'm not
>> sure this is a good thing to test?
> 
> I don't see any version skew.

Ah, I see the problem: the test I added was prepadding with 'f' and your 
test was prepadding with '0'. Taking the first 4k of data if it's all 
leading zeroes would taskset to 0 which is invalid. (Technically the 
failure is system-specific: "taskset 10 echo" fails the same way on my 
4x laptop because the process could not run on any available processor.)

It's still an insane corner case (even in 6.16 only x86 and powerpc can 
be configured for 8192 processors (no actual hardware is anywhere near 
that, it's IBM vs Intel dick measuring: arm64 only lets NR_CPUS go to 
4096 and even that is aspirational). 8192 is 1k of bitmask in a 4k 
toybuf: you are asking the command line tool for something impossible).

But sure, I can take the rightmost 8k of input. Or just skip leading 
zeroes? But then I'd still have to sizeof(toybuf) what's left, rightmost 
8k is just one test.

Commit 62284825a7b6.

Rob
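As an added illustration of the parsing problem discussed above (this is example code written for this page, not Rob's commit 62284825a7b6 and not toybox's own taskset or toybuf code): a hex CPU-mask parser that accepts input of any length into a fixed 1024-byte bitmask (the 8192-CPU ceiling mentioned in the thread), skips leading zeroes so they cannot exhaust the buffer, reports an all-zero mask as empty, and rejects a mask with nonzero digits beyond the buffer rather than silently truncating. The capacity, the function names and the choice to reject instead of keeping the rightmost digits are this example's assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capacity assumed for this example: 8192 CPUs = 1024 bytes of bitmask. */
#define MASK_BYTES 1024

static int hexval(char c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Parse hex string s into mask (byte 0 holds CPUs 0-7, bit 0 = CPU 0).
 * Returns the count of set bits (>0 on success), 0 if the mask is empty
 * (all zeroes, which taskset cannot use), -1 on a non-hex character,
 * -2 if a nonzero digit lies beyond the buffer's capacity. */
int parse_cpu_mask(const char *s, unsigned char *mask, size_t masklen)
{
  size_t len, i;
  int bits = 0;

  if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) s += 2;
  /* Validate every character first, so bad input never reaches the writes. */
  for (len = 0; s[len]; len++) if (hexval(s[len]) < 0) return -1;
  /* Leading zeroes carry no bits and must not consume buffer capacity. */
  while (*s == '0') { s++; len--; }
  if (len > masklen * 2) return -2;
  memset(mask, 0, masklen);
  /* Fill from the right: the last hex digit is nibble 0 of byte 0. */
  for (i = 0; i < len; i++) {
    int v = hexval(s[len - 1 - i]);
    mask[i / 2] |= (unsigned char)(v << (4 * (i % 2)));
    bits += (v & 1) + ((v >> 1) & 1) + ((v >> 2) & 1) + ((v >> 3) & 1);
  }
  return bits;
}

/* Demo helpers (example-only): parse into a static buffer and inspect it. */
static unsigned char demo_mask[MASK_BYTES];

int demo_parse(const char *s)
{
  return parse_cpu_mask(s, demo_mask, MASK_BYTES);
}

int demo_byte(size_t i)
{
  return i < MASK_BYTES ? demo_mask[i] : -1;
}

/* Build "pad" repeated n times followed by tail (caller frees); this mirrors
 * the shell construction $( printf %99999s | tr ' ' 0 )f from the thread. */
char *demo_padded(char pad, size_t n, const char *tail)
{
  size_t tl = strlen(tail);
  char *buf = malloc(n + tl + 1);

  if (!buf) return NULL;
  memset(buf, pad, n);
  memcpy(buf + n, tail, tl + 1);
  return buf;
}

int demo_parse_padded(char pad, size_t n, const char *tail)
{
  char *s = demo_padded(pad, n, tail);
  int r;

  if (!s) return -3;
  r = parse_cpu_mask(s, demo_mask, MASK_BYTES);
  free(s);
  return r;
}

int main(void)
{
  int r = demo_parse_padded('0', 99999, "f");

  printf("99999 zeroes then f -> %d bit(s) set, byte0=0x%02x\n", r, demo_byte(0));
  r = demo_parse_padded('f', 99999, "f");
  printf("99999 f's then f -> %d (wider than the buffer, rejected)\n", r);
  r = demo_parse_padded('0', 99999, "");
  printf("99999 zeroes alone -> %d (empty mask)\n", r);
  return 0;
}
```

The two checks that matter for the overflow are the length test against `masklen * 2` after the zeroes are stripped, and writing only through `mask[i / 2]` with `i < len`; the input string itself is never copied into the fixed buffer.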

