pargs crashes on growing env
I've seen some strange pargs core dumps. Sometimes pargs dies when the target process adds environment variables. The problem is in get_env() and build_env(). We iterate two times over the environment strings. The first time to check the number of elements in order to determine the buffer size. Then we allocate the buffer and iterate again to fill this buffer. Meanwhile the target process has added some strings to the environment and the second iteration would fill too many strings into the buffer. There is no overflow protection.
I've attached a little reproducer.
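The count-then-fill race described above, as an added illustration (not pargs code and not the attached reproducer): a constructed stand-in for the target's environment grows between the two passes, and the second pass is bounded by the capacity chosen in the first, so the buffer cannot be overrun. The hypothetical names (target_env, count_env, build_env_bounded) are mine, not illumos'.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the target process's environment: a
 * NULL-terminated string array that can grow while we are reading it. */
#define ENV_MAX 16
static const char *target_env[ENV_MAX + 1] = { "HOME=/root", "PATH=/usr/bin", NULL };
static size_t target_env_len = 2;
static size_t last_cap;   /* capacity chosen by the most recent pass 1 */

/* Target side: add one variable (what the target does between our passes). */
static int target_env_append(const char *kv) {
    if (target_env_len >= ENV_MAX) return -1;
    target_env[target_env_len++] = kv;
    target_env[target_env_len] = NULL;
    return 0;
}

/* Pass 1 (the get_env() role): count strings to size the buffer. */
static size_t count_env(void) {
    size_t n = 0;
    while (target_env[n] != NULL) n++;
    return n;
}

/* Pass 2 (the build_env() role), hardened: stop at the capacity chosen in
 * pass 1 no matter how many strings the target has added since. */
static size_t build_env_bounded(char **buf, size_t cap) {
    size_t i;
    for (i = 0; i < cap && target_env[i] != NULL; i++)
        buf[i] = strdup(target_env[i]);
    return i;
}

/* Simulate the race: size the buffer, let the target grow its environment,
 * then fill. Returns the number of strings actually copied (== cap). */
static size_t run_with_race(void) {
    last_cap = count_env();
    char **buf = calloc(last_cap, sizeof (char *));
    if (buf == NULL) return 0;
    target_env_append("LC_ALL=C");   /* the race window: two new variables */
    target_env_append("TZ=UTC");
    size_t n = build_env_bounded(buf, last_cap);
    for (size_t i = 0; i < n; i++) free(buf[i]);
    free(buf);
    return n;
}

/* How many strings an unbounded pass 2 would have written past the buffer. */
static size_t unbounded_overrun(void) { return count_env() - last_cap; }
```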
Updated by Electric Monk about 4 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 23a268cfbc75530b746495f3e157b9bc71069420
Author: Simon Klinkert <firstname.lastname@example.org>
Date: 2016-04-28T18:16:52.000Z

6565 pargs crashes on growing env
Reviewed by: Robert Mustacchi <email@example.com>
Reviewed by: Toomas Soome <firstname.lastname@example.org>
Approved by: Dan McDonald <email@example.com>