Date: Fri, 18 Mar 2022 12:44:24 +0100
From: Mark Wielaard
To: Evgeny Vereshchagin
Cc: elfutils-devel@sourceware.org, david korczynski
Subject: Re: [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol.
Hi Evgeny,

On Fri, Mar 18, 2022 at 12:11:50PM +0300, Evgeny Vereshchagin wrote:
> > The ar_size field is a 10 character string, not zero terminated, of
> > decimal digits right padded with spaces. Make sure it actually starts
> > with a digit before calling atol on it. We already make sure it is
> > zero terminated. Otherwise atol might produce unexpected results.
>
> As far as I can tell the patch fixes that particular issue. Thanks!

Thanks for testing.

> On a somewhat related note, looking at
> https://sourceware.org/bugzilla/show_bug.cgi?id=24085 where
> read_long_names started appending a trailing '\0' to strings without
> trailing spaces only I wonder if it would be better to always append
> trailing zero bytes there? It would make ASan stop complaining about
> read_long_names with ASAN_OPTIONS=strict_string_checks=1 (which is
> supposed to look for places where strings without trailing zeroes
> are passed to functions expecting null-terminated strings).

I guess the idea is that there could be an atoi implementation that
starts from the end of the string? But I think that is super unlikely
since atoi (and strtol) is defined on the initial portion of the
character array. The algorithm is described as working from the start,
and once a valid digit is found any non-digit terminates the
algorithm; there seems to be no requirement that that char should be
a zero terminator. So I think that asan strict-string check is not
really correct.

Also, since the ar_size is defined as a character array that only
contains digits and (right padded) spaces (but no zero terminator),
we would have to copy the chars always if we would add a zero
terminator. Which is very unlikely (except when the size is larger
than 999999999 bytes, 953 MB).

Cheers,

Mark
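As an added illustration of the ar_size handling discussed in this thread (example code written for this page, not libelf's own, and not the patch under review): the 10 byte field is copied into a NUL terminated buffer, as the message says one has to do, and then parsed two ways. The unchecked variant calls atol() on the copy and shows why a leading-digit check matters: atol silently skips leading whitespace, accepts a sign and returns 0 for garbage. The checked variant requires a digit in the first byte, uses strtoll with an end pointer, and accepts only space padding after the digits. The helper names parse_ar_size, naive_ar_size, ar_size_or_neg and the sample fields are all constructed for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* An ar(1) member header stores ar_size as 10 bytes of decimal digits,
   right padded with spaces and NOT NUL terminated.  Everything below is
   hypothetical illustration code, not libelf's own. */
#define AR_SIZE_LEN 10

/* Copy the raw field into a NUL terminated buffer so no string function
   can read past the 10 header bytes. */
static void copy_field(const char *field, char buf[AR_SIZE_LEN + 1])
{
    memcpy(buf, field, AR_SIZE_LEN);
    buf[AR_SIZE_LEN] = '\0';
}

/* Unchecked variant: atol() on the terminated copy.  atol skips leading
   whitespace, accepts a sign and returns 0 for non-numeric input, so
   "  42", "-1" and "abc" all "parse" without any error indication. */
long naive_ar_size(const char *field)
{
    char buf[AR_SIZE_LEN + 1];
    copy_field(field, buf);
    return atol(buf);
}

/* Checked variant.  Returns true and stores the size only if the field is
   one or more digits followed by nothing but space padding and the value
   fits in a long long. */
bool parse_ar_size(const char *field, int64_t *out)
{
    char buf[AR_SIZE_LEN + 1];
    copy_field(field, buf);

    /* First byte must be a digit: rejects leading spaces, signs and
       garbage before strtoll gets a chance to be lenient about them. */
    if (!isdigit((unsigned char) buf[0]))
        return false;

    char *end;
    errno = 0;
    long long v = strtoll(buf, &end, 10);
    if (errno == ERANGE)
        return false;

    /* strtoll stops at the first non-digit; all that may follow is the
       space padding, so any other byte means a malformed field. */
    for (; *end != '\0'; end++)
        if (*end != ' ')
            return false;

    *out = (int64_t) v;
    return true;
}

/* Convenience wrapper: the parsed size, or -1 when the field is rejected. */
int64_t ar_size_or_neg(const char *field)
{
    int64_t v;
    return parse_ar_size(field, &v) ? v : -1;
}

int main(void)
{
    /* Constructed 10 byte sample fields (the string literals carry a NUL
       at byte 11, which neither parser ever looks at). */
    static const char *samples[] = {
        "1234      ",   /* valid */
        "9999999999",   /* valid, all 10 digits in use */
        "  42      ",   /* leading spaces: atol accepts, checked rejects */
        "-1        ",   /* sign: atol gives -1, checked rejects */
        "abc       ",   /* garbage: atol gives 0, checked rejects */
        "12x3      ",   /* digits then garbage */
        "          ",   /* empty field */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%.10s] atol=%ld checked=%lld\n", samples[i],
               naive_ar_size(samples[i]),
               (long long) ar_size_or_neg(samples[i]));
    return 0;
}
```

The copy into an 11 byte buffer is exactly the cost the message refers to: because the header field has no terminator, any use of a string function on it means copying first. Rejecting a leading space rather than tolerating it is deliberate; the format is defined as digits followed by padding, so a field that starts with a space is malformed rather than merely short.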