Subject: Re: [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol.
From: Evgeny Vereshchagin
Date: Fri, 18 Mar 2022 16:18:35 +0300
To: Mark Wielaard
Cc: elfutils-devel@sourceware.org, david korczynski
Message-Id: <0BE83669-81F3-4D09-8081-8D725897C02F@ya.ru>
References: <20220317133051.100876-1-mark@klomp.org> <20220317133051.100876-3-mark@klomp.org> <96ECD2B9-C299-4285-9399-A3899F52D3BB@ya.ru>

Hi Mark,

> I guess the idea is that there could be an atoi implementation that
> starts from the end of the string? But I think that is super unlikely
> since atoi (and strtol) is defined on the initial portion of the
> character array. The algorithm is described as working from the start
> and once a valid digit is found any non-digit terminates the
> algorithm, there seems to be no requirement that that char should be a
> zero terminator. So I think that asan strict-string check is not
> really correct.

The idea behind strict_string_checks is to just warn about functions expecting null-terminated strings that process (potentially) binary data and can in theory get past the end of the buffers because of that. It just looks for nulls and if they aren't there it complains. It's off by default because it tends to produce false positives.

But I think it's useful sometimes because for example as far as I can remember it was able to find real heap-buffer-overflows in systemd at some point and it has been on in the CI there since "string" functions were replaced with functions receiving buffers and their lengths. Then again, I agree it doesn't seem to make much sense to make ASan happy here.

Thanks,
Evgeny Vereshchagin
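The field the patch subject refers to, ar_size in the classic ar member header, is a fixed-width, space-padded decimal field that is not NUL-terminated, which is exactly the situation strict_string_checks complains about when atol is pointed at it. The following is an added example, not elfutils code and not the patch under discussion: a bounded parser for such a field that checks for a leading digit (the condition named in the subject), never reads past the field's length, rejects anything but padding after the digits, and detects overflow. The header layout and field widths are those of <ar.h>; the sample headers are constructed for the example.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classic ar member header (see <ar.h>): ar_name[16] ar_date[12] ar_uid[6]
   ar_gid[6] ar_mode[8] ar_size[10] ar_fmag[2].  Every field is ASCII,
   space padded and NOT NUL-terminated, so ar_size sits at offset 48. */
#define AR_HDR_LEN   60
#define AR_SIZE_OFF  48
#define AR_SIZE_LEN  10
#define AR_FMAG_OFF  58

/* Bounded parse of a space-padded decimal field.  Unlike atol(), this never
   looks beyond `len` bytes, insists on a leading digit, accepts only padding
   spaces after the digits, and reports overflow.  Returns 0 on success and
   -1 on any failure (the caller's `*out` is untouched on failure). */
int parse_ar_size(const char *field, size_t len, long *out)
{
    size_t i = 0;
    long value = 0;

    /* Leading digit required: an all-space or garbage field is an error,
       whereas atol() would silently return 0 for it. */
    if (len == 0 || !isdigit((unsigned char)field[0]))
        return -1;

    while (i < len && isdigit((unsigned char)field[i])) {
        int d = field[i] - '0';
        if (value > (LONG_MAX - d) / 10)
            return -1;                /* value * 10 + d would overflow long */
        value = value * 10 + d;
        i++;
    }

    /* Only padding spaces may follow the digits inside the field. */
    for (; i < len; i++)
        if (field[i] != ' ')
            return -1;

    *out = value;
    return 0;
}

/* Extract the member size from a full 60-byte header, checking ar_fmag. */
int ar_member_size(const char *hdr, long *out)
{
    if (memcmp(hdr + AR_FMAG_OFF, "`\n", 2) != 0)
        return -1;                    /* not an ar member header */
    return parse_ar_size(hdr + AR_SIZE_OFF, AR_SIZE_LEN, out);
}

/* Constructed sample headers (not from a real archive).  Exactly 60 bytes,
   deliberately without a trailing NUL, like data read straight from a file. */
static const char sample_good[AR_HDR_LEN] =
    "hello.o/        " "1647609600  " "1000  " "1000  " "100644  " "1234      " "`\n";
static const char sample_blank_size[AR_HDR_LEN] =
    "bad.o/          " "1647609600  " "1000  " "1000  " "100644  " "          " "`\n";
/* Size field filled with digits to the last byte: atol() would run on into
   ar_fmag looking for a terminator; the bounded parser stops at 10 bytes. */
static const char sample_full_size[AR_HDR_LEN] =
    "big.o/          " "1647609600  " "1000  " "1000  " "100644  " "0000000042" "`\n";

int main(void)
{
    const char *names[] = { "good", "blank size", "digits to the end" };
    const char *hdrs[]  = { sample_good, sample_blank_size, sample_full_size };

    for (size_t i = 0; i < 3; i++) {
        long n;
        if (ar_member_size(hdrs[i], &n) == 0)
            printf("%-18s -> size %ld\n", names[i], n);
        else
            printf("%-18s -> rejected\n", names[i]);
    }
    return 0;
}
```

Because parse_ar_size takes the field length explicitly, it reads nothing outside the header even when the digits fill the field, so it is correct whether or not a NUL happens to follow, and it turns an empty or corrupt size field into an error instead of a silent zero.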