public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin/cygwin-3_4-branch] Cygwin: Fix segfalt when too many command line args are specified.
@ 2023-08-28 16:00 Takashi Yano
0 siblings, 0 replies; only message in thread
From: Takashi Yano @ 2023-08-28 16:00 UTC (permalink / raw)
To: cygwin-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=33cddf77974f9849cf8edafe9b3da46591b73d6e
commit 33cddf77974f9849cf8edafe9b3da46591b73d6e
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date: Mon Aug 28 22:14:41 2023 +0900
Cygwin: Fix segfalt when too many command line args are specified.
Previously, the number of command line args was not checked for
cygwin process. Due to this, segmentation fault was caused if too
many command line args are specified.
https://cygwin.com/pipermail/cygwin/2023-August/254333.html
Since char *argv[argc + 1] is placed on the stack in dll_crt0_1(),
STATUS_STACK_OVERFLOW occurs if the stack does not have enough
space.
With this patch, char *argv[] is placed in heap instead of stack
and ARG_MAX is increased from 32000 to 2097152 which is default
value of Linux. The argument length is also compared with ARG_MAX
and spawnve() returns E2BIG if it is too long.
Reported-by: Ed Morton
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
Diff:
---
winsup/cygwin/dcrt0.cc | 7 ++-----
winsup/cygwin/local_includes/winsup.h | 4 ++++
winsup/cygwin/release/3.4.9 | 3 +++
winsup/cygwin/spawn.cc | 9 ++++++++-
winsup/cygwin/sysconf.cc | 2 +-
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc
index 49b7a44ae..1d8810546 100644
--- a/winsup/cygwin/dcrt0.cc
+++ b/winsup/cygwin/dcrt0.cc
@@ -978,11 +978,8 @@ dll_crt0_1 (void *)
a change to an element of argv[] it does not affect Cygwin's argv.
Changing the the contents of what argv[n] points to will still
affect Cygwin. This is similar (but not exactly like) Linux. */
- char *newargv[__argc + 1];
- char **nav = newargv;
- char **oav = __argv;
- while ((*nav++ = *oav++) != NULL)
- continue;
+ char **newargv = (char **) malloc ((__argc + 1) * sizeof (char *));
+ memcpy (newargv, __argv, (__argc + 1) * sizeof (char *));
/* Handle any signals which may have arrived */
sig_dispatch_pending (false);
_my_tls.call_signal_handler ();
diff --git a/winsup/cygwin/local_includes/winsup.h b/winsup/cygwin/local_includes/winsup.h
index 43dfbf46f..2d51722f3 100644
--- a/winsup/cygwin/local_includes/winsup.h
+++ b/winsup/cygwin/local_includes/winsup.h
@@ -68,6 +68,10 @@ uint32_t cygwin_inet_addr (const char *cp);
application provided path strings we handle. */
#define NT_MAX_PATH 32768
+/* CYG_ARG_MAX is the maximum total length of command line args.
+ The value 2097152 is the default ARG_MAX value in Linux. */
+#define CYG_ARG_MAX 2097152
+
/* This definition allows to define wide char strings using macros as
parameters. See the definition of __CONCAT in newlib's sys/cdefs.h
and accompanying comment. */
diff --git a/winsup/cygwin/release/3.4.9 b/winsup/cygwin/release/3.4.9
index 2f2da9e13..53c4e5fc8 100644
--- a/winsup/cygwin/release/3.4.9
+++ b/winsup/cygwin/release/3.4.9
@@ -8,3 +8,6 @@ Bug Fixes
- For the time being, disable creating special files using mknod/mkfifo
on NFS.
Addresses: https://cygwin.com/pipermail/cygwin/2023-August/254266.html
+
+- Fix segfault when too many command line args are specified.
+ Addresses: https://cygwin.com/pipermail/cygwin/2023-August/254333.html
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index 32ba5b377..c4888e823 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -340,8 +340,9 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
We need to quote any argument that has whitespace or embedded "'s. */
int ac;
+ size_t arg_len = 0;
for (ac = 0; argv[ac]; ac++)
- /* nothing */;
+ arg_len += strlen (argv[ac]) + 1;
int err;
const char *ext;
@@ -510,6 +511,12 @@ child_info_spawn::worker (const char *prog_arg, const char *const *argv,
__leave;
}
set (chtype, real_path.iscygexec ());
+ if (iscygwin () && arg_len > (size_t) sysconf (_SC_ARG_MAX))
+ {
+ set_errno (E2BIG);
+ res = -1;
+ __leave;
+ }
__stdin = in__stdin;
__stdout = in__stdout;
record_children ();
diff --git a/winsup/cygwin/sysconf.cc b/winsup/cygwin/sysconf.cc
index 2db92e4de..7cdfbdb9d 100644
--- a/winsup/cygwin/sysconf.cc
+++ b/winsup/cygwin/sysconf.cc
@@ -485,7 +485,7 @@ static struct
};
} sca[] =
{
- {cons, {c:ARG_MAX}}, /* 0, _SC_ARG_MAX */
+ {cons, {c:CYG_ARG_MAX}}, /* 0, _SC_ARG_MAX */
{cons, {c:CHILD_MAX}}, /* 1, _SC_CHILD_MAX */
{cons, {c:CLOCKS_PER_SEC}}, /* 2, _SC_CLK_TCK */
{cons, {c:NGROUPS_MAX}}, /* 3, _SC_NGROUPS_MAX */
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-08-28 16:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-28 16:00 [newlib-cygwin/cygwin-3_4-branch] Cygwin: Fix segfalt when too many command line args are specified Takashi Yano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).