diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2023-06-21 13:56:38 +0300 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-06-21 15:13:40 +0200 |
| commit | bf8d582c115e29c5c89a65d70309d5f75fca4512 (patch) | |
| tree | aadb0ab9c9a2f16564fd5c4f38898744e7686e5a | |
| parent | 011c50286ea8fb98c547502a6e3f1d8c5d304ca1 (diff) | |
proc: Fix pointer truncation in get_string_array
Due to little-endianness of x86, this resulted in a 64-bit pointers that
pointed to the lower 4 GB of the address space being treated as a 32-bit
pointer followed by NULL, which manifested as only the first program arg
(the argv[0]) being visible in ps output. When a pointer pointed outside
of the lower 4 GB, this resulted in both halves being treated as invalid
pointers, causing proc_getprocargs () to fail with KERN_INVALID_ADDRESS,
which manifested as ps displaying COMMAND for the affected process as ?.
Found by placing all memory above the 4 GB limit, which made it apparent
that something about fetching process command lines is seriously broken.
Before:
USER PID PPID TTY TIME COMMAND
0 1 1 - 0:00.00 /hurd/init
0 2 1 - 0:00.05 /hurd/startup
0 3 2 ? 0:02.80 ?
0 4 2 ? 0:00.00 /hurd/proc
0 5 2 - 0:00.08 ?
0 6 5 - 0:00.02 ?
0 7 2 - 0:00.00 /hurd/auth
0 9 1 - 0:00.01 /hurd/term
0 13 1 - 0:00.11 /hurd/mach-defpager
0 15 1 - 0:00.00 /bin/bash
0 16 5 - 0:00.00 /hurd/pflocal
0 18 15 - 0:00.00 /bin/sh
0 20 18 - 0:00.00 ps-hurd
After:
USER PID PPID TTY TIME COMMAND
0 1 1 - 0:00.01 /hurd/init -a
0 2 1 - 0:00.03 /hurd/startup --kernel-task=1 console=com0
0 3 2 ? 0:01.36 gnumach --kernel-task=1 console=com0
0 4 2 ? 0:00.00 /hurd/proc --kernel-task=1
0 5 2 - 0:00.06 ext2fs --multiboot-command-line=console=com0
0 6 5 - 0:00.00 /hurd/exec --device-master-port=1
0 7 2 - 0:00.02 /hurd/auth
0 9 1 - 0:00.00 /hurd/term /dev/console device console
0 13 1 - 0:00.09 /hurd/mach-defpager
0 15 1 - 0:00.00 /bin/bash /usr/libexec/runsystem.hurd
0 16 5 - 0:00.00 /hurd/pflocal
0 18 15 - 0:00.00 /bin/sh
0 19 18 - 0:00.01 ps-hurd -ef
Message-Id: <20230621105638.1045306-1-bugaevc@gmail.com>
| -rw-r--r-- | proc/info.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/proc/info.c b/proc/info.c index d84fdd45..2d85662d 100644 --- a/proc/info.c +++ b/proc/info.c @@ -274,7 +274,7 @@ get_string (task_t t, static error_t get_vector (task_t task, vm_address_t addr, - int **vec) + vm_address_t **vec) { vm_address_t readaddr; vm_size_t readsize; @@ -332,7 +332,7 @@ get_string_array (task_t t, mach_msg_type_number_t *buflen) { char *bp; - int *vector, *vp; + vm_address_t *vector, *vp; error_t err; vm_address_t origbuf = *buf; |