Re: building/using address-sanitizer-enabled emacs?
From: Eli Zaretskii
Subject: Re: building/using address-sanitizer-enabled emacs?
Date: Sat, 13 May 2017 11:02:38 +0300
> From: Philipp Stephani <address@hidden>
> Date: Wed, 10 May 2017 22:24:49 +0000
> Cc: address@hidden, address@hidden
>
> Please show the detailed analysis, as I looked into that once and
> concluded that the code is correct.
>
> The full report is
>
> =================================================================
> ==31024==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0x7fff5fbfa690 at pc
> 0x0001003e6baf bp 0x7fff5fbfa4f0 sp 0x7fff5fbfa4e8
> READ of size 2 at 0x7fff5fbfa690 thread T0
> #0 0x1003e6bae in conv_sockaddr_to_lisp src/process.c:2497:34
> [...]
> The problem is here:
>
> struct sockaddr_in sa1;
> socklen_t len1 = sizeof (sa1);
> if (getsockname (s, (struct sockaddr *)&sa1, &len1) == 0)
> contact = Fplist_put (contact, QClocal,
> conv_sockaddr_to_lisp ((struct sockaddr *)&sa1, len1));
>
> sockaddr_in is too small for IPv6 addresses, so getsockname doesn't
> fill it out completely. But conv_sockaddr_to_lisp only looks at the
> address family and attempts to read out the entire IPv6 address,
> reading past the sa1 variable memory. Thus this needs to be
> sockaddr_storage, which is guaranteed to be large enough for all
> supported addresses.
>
> Probably there should also be an eassert(len1 <= sizeof sa1) after
> the call to getsockname, just to make sure.
Indeed, I believe you are right.
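The truncation the quoted message describes, shown as an added example that is not Emacs code and not part of this thread. It replaces getsockname with a constructed stand-in (fake_getsockname_v6) that reproduces the POSIX semantics that cause the bug: the kernel copies at most the caller's buffer size and then reports the address's true length. The converter (sockaddr_to_text, a hypothetical stand-in for the role of conv_sockaddr_to_lisp) applies the length check the thread suggests before it touches any address field, so the sockaddr_in variant is refused instead of reading past the object, and the sockaddr_storage variant succeeds:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Stand-in for getsockname(2) on an IPv6 socket bound to a constructed
   sample address ([::1]:8080).  Like the real call, it copies at most
   *LEN bytes into BUF and then stores the address's full size in *LEN,
   even when that is larger than what was copied.  Hypothetical helper.  */
static int
fake_getsockname_v6 (void *buf, socklen_t *len)
{
  struct sockaddr_in6 kernel;
  memset (&kernel, 0, sizeof kernel);
  kernel.sin6_family = AF_INET6;
  kernel.sin6_port = htons (8080);
  kernel.sin6_addr.s6_addr[15] = 1;      /* ::1 */
  socklen_t n = *len < sizeof kernel ? *len : (socklen_t) sizeof kernel;
  memcpy (buf, &kernel, n);
  *len = sizeof kernel;                  /* 28 bytes on Linux and macOS */
  return 0;
}

/* Number of bytes the address fields of FAMILY occupy; 0 if unknown.  */
static size_t
sockaddr_size_for_family (sa_family_t family)
{
  switch (family)
    {
    case AF_INET:  return sizeof (struct sockaddr_in);
    case AF_INET6: return sizeof (struct sockaddr_in6);
    default:       return 0;
    }
}

/* Format SA as text.  BUFSIZE is the capacity of the object SA points to
   and LEN is the length getsockname reported.  The first check is the
   thread's eassert (len1 <= sizeof sa1): a reported length larger than
   the buffer means the kernel truncated the address.  The second makes
   sure LEN covers the whole structure for that family before any field
   beyond sa_family is read.  Returns false when either check fails.  */
static bool
sockaddr_to_text (const struct sockaddr *sa, socklen_t len, size_t bufsize,
                  char *out, size_t outsize)
{
  if (len > bufsize || len < sizeof (sa_family_t))
    return false;
  size_t need = sockaddr_size_for_family (sa->sa_family);
  if (need == 0 || len < need)
    return false;
  char host[INET6_ADDRSTRLEN];
  if (sa->sa_family == AF_INET)
    {
      const struct sockaddr_in *in = (const struct sockaddr_in *) sa;
      inet_ntop (AF_INET, &in->sin_addr, host, sizeof host);
      snprintf (out, outsize, "%s:%u", host, ntohs (in->sin_port));
    }
  else
    {
      const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *) sa;
      inet_ntop (AF_INET6, &in6->sin6_addr, host, sizeof host);
      snprintf (out, outsize, "[%s]:%u", host, ntohs (in6->sin6_port));
    }
  return true;
}

/* The pattern quoted in the thread: a sockaddr_in (16 bytes) for a socket
   that turns out to be IPv6.  getsockname reports 28, so the check fails
   and NULL is returned instead of reading 12 bytes past sa1.  */
static const char *
convert_with_sockaddr_in (void)
{
  static char text[64];
  struct sockaddr_in sa1;
  socklen_t len1 = sizeof sa1;
  fake_getsockname_v6 (&sa1, &len1);
  return sockaddr_to_text ((struct sockaddr *) &sa1, len1, sizeof sa1,
                           text, sizeof text) ? text : NULL;
}

/* The fix: sockaddr_storage is large enough for every supported family,
   so the reported length fits and the address is converted.  */
static const char *
convert_with_sockaddr_storage (void)
{
  static char text[64];
  struct sockaddr_storage ss;
  socklen_t len = sizeof ss;
  fake_getsockname_v6 (&ss, &len);
  return sockaddr_to_text ((struct sockaddr *) &ss, len, sizeof ss,
                           text, sizeof text) ? text : NULL;
}

int
main (void)
{
  const char *a = convert_with_sockaddr_in ();
  const char *b = convert_with_sockaddr_storage ();
  printf ("sockaddr_in:      %s\n", a ? a : "refused: reported length exceeds buffer");
  printf ("sockaddr_storage: %s\n", b ? b : "refused");
  return 0;
}
```

The point of passing both the buffer capacity and the reported length is that neither alone is enough: the reported length says what the kernel wanted to write, the capacity says what it could write, and only when the first fits inside the second have the address fields actually been filled in. Under AddressSanitizer the unchecked version of this read is exactly the stack-buffer-overflow the report above shows.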