[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tinycc-devel] mksh fails to build with bound check

From: Thomas Preud'homme
Subject: Re: [Tinycc-devel] mksh fails to build with bound check
Date: Thu, 20 Mar 2014 22:20:21 +0800
User-agent: KMail/4.11.5 (Linux/2.6.38-ac2-ac100; KDE/4.11.5; armv7l; ; )

Le dimanche 19 janvier 2014, 17:03:32 Kirill Smelkov a écrit :

Hi Kirill,

> Sorry for being silent for so long. I've started looking into the
> problem today, but before I've ever got to mksh, I've found one new bug
> wrt bcheck which is now fixed. Could you please see, does it maybe fixes
> mksh? If not, I'm willing to continue digging, only it will be very
> slow, as my time is very tight this days...

I've looked into it this week and managed to fix one bug with regards to 
relocation of __bound_init (see commit 
ec1c83081dd741bd18ca1821bf52535c444dc111) but there is still at least one 
other bug. As I understand it the problem is that mksh loop over argv entries 
in main with something like "while (!*argv)". This triggers a segfault by 
bound_ptr_indir returning INVALID_POINTER. So I guess there is nothing right 
now to add argv[] and environ[] among the ok zones. I was thinking about doing 
it in __bound_init but there is some difficulty. From the environ variable it's 
easy to find the beginning and end of environ array by browsing it. 
Alternatively setenv of a new variable could do it in a faster way but there 
is the risk of the array to be already full so the browsing seems more 
reliable. The problem is to find the beginning and end of argv[]. For instance, 
I don't know if with address space randomization the environ follows 
immediately the end of argv (it seems to be the case on my machine). As to the 
beginning of argv, I can only think of taking the address of a local variable 
but that's only an approximation.

Alternatively, a different prologue could be generated for the main function 
that calls a __bound_new_argument_region that would take as parameter argv and 
then environ. What do you think about it? Do you feel like trying?

Best regards,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]