Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cctools] fix ar(1) crash without argument, closes #7. #8

Merged
merged 1 commit into from
Oct 3, 2023
Merged

[cctools] fix ar(1) crash without argument, closes #7. #8

merged 1 commit into from
Oct 3, 2023

Conversation

biergaizi
Copy link
Contributor

@biergaizi biergaizi commented Apr 25, 2023
edited
Loading

In ar(1), strcmp() checks are used to determine the value of argument argv[1], even when no argument is given. In the past, they were possibly harmless out-of-bound reads and comparison with garbage, without consequences.

However, running it on macOS 13 w/ Apple Silicon immediately crashes it with Segmentation Fault, because argv[1] is now NULL and generates EXC_BAD_ACCESS in strcmp().

This commit checks whether argc is equal or greater than 2 before doing strcmp() to resolve Issue #7.

$ ./bin/ar
Segmentation fault: 11

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144 libsystem_platform.dylib`:
->  0x193181460 <+144>: ldr    q0, [x0], #0x10
    0x193181464 <+148>: ldr    q1, [x1], #0x10
    0x193181468 <+152>: cmeq.16b v1, v0, v1
    0x19318146c <+156>: and.16b v0, v0, v1
Target 0: (ar) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144
    frame #1: 0x0000000100006440 ar`main(argc=1, argv=0x000000016fdfef58) at ar.c:126:8
    frame #2: 0x0000000192e2be50 dyld`start + 2544

@biergaizi
[cctools] fix ar(1) crash without argument, closes iains#7.
86d7771 
In ar(1), strcmp() checks are used to determine the value
of argument argv[1], even when no argument is given. In the
past, they were possibly harmless out-of-bound reads and
comparison with garbage, without consequences.

However, running it on macOS 13 w/ Apple Silicon immediately
crashes it with Segmentation Fault, because argv[1] is now
NULL and generates EXC_BAD_ACCESS in strcmp().

This commit checks whether argc is equal or greater than 2
before doing strcmp().

$ ./bin/ar
Segmentation fault: 11

* thread grobian#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144
libsystem_platform.dylib`:
->  0x193181460 <+144>: ldr    q0, [x0], #0x10
    0x193181464 <+148>: ldr    q1, [x1], #0x10
    0x193181468 <+152>: cmeq.16b v1, v0, v1
    0x19318146c <+156>: and.16b v0, v0, v1
Target 0: (ar) stopped.
(lldb) bt
* thread grobian#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144
    frame grobian#1: 0x0000000100006440 ar`main(argc=1, argv=0x000000016fdfef58) at ar.c:126:8
    frame grobian#2: 0x0000000192e2be50 dyld`start + 2544

Signed-off-by: Yifeng Li <[email protected]>
@biergaizi biergaizi mentioned this pull request Apr 25, 2023
Closed
@cooljeanius
Copy link

While you're in the area, I wonder if it's worthwhile to change the calls to strcmp to strncmp as well?

@biergaizi
Copy link
Contributor Author

biergaizi commented Apr 26, 2023
edited
Loading

I wonder if it's worthwhile to change the calls to strcmp to strncmp as well?

I don't think it's worthwhile. While strcmp() in general should be avoided, in thin particular case, the strings in **argv from the system are always valid, as long as both string inputs are not NULL to strcmp(), it's perfectly safe.

cooljeanius
cooljeanius approved these changes Oct 2, 2023
View reviewed changes
Copy link

@cooljeanius cooljeanius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is also in PR #4 but that's ok; it's probably better to get this one in first since it's smaller and stand-alone

@cooljeanius
Copy link

I wonder if it's worthwhile to change the calls to strcmp to strncmp as well?

I don't think it's worthwhile. While strcmp() in general should be avoided, in thin particular case, the strings in **argv from the system are always valid, as long as both string inputs are not NULL to strcmp(), it's perfectly safe.

Hmmm @iains WDYT?

@cooljeanius cooljeanius mentioned this pull request Oct 2, 2023
Closed
@iains
Copy link
Owner

iains commented Oct 3, 2023
edited
Loading

in some cases, I'd agree that changing to strncmp makes sense (e.g. if we allocated the space and we know what it is). However in the case of the strings passed as argv[], the OS allocated the space, we have no idea what the correct 'n' would be - we have to trust that the OS makes a valid process launch (absent any mechanism to determine something different).

so I think we're fine here to just check for missing argv[]s

@iains iains merged commit 4defc01 into iains:darwin-xtools-2-2-4 Oct 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cooljeanius cooljeanius cooljeanius approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@biergaizi @cooljeanius @iains