[cctools] fix ar(1) crash without argument #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In ar(1), strcmp() checks are used to determine the value of argument argv[1], even when no argument is given. In the past, they were possibly harmless out-of-bound reads and comparison with garbage, without consequences. However, running it on macOS 13 w/ Apple Silicon immediately crashes it with Segmentation Fault, because argv[1] is now NULL and generates EXC_BAD_ACCESS in strcmp(). This commit checks whether argc is equal or greater than 2 before doing strcmp(). $ ./bin/ar Segmentation fault: 11 * thread grobian#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144 libsystem_platform.dylib`: -> 0x193181460 <+144>: ldr q0, [x0], #0x10 0x193181464 <+148>: ldr q1, [x1], #0x10 0x193181468 <+152>: cmeq.16b v1, v0, v1 0x19318146c <+156>: and.16b v0, v0, v1 Target 0: (ar) stopped. (lldb) bt * thread grobian#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x0000000193181460 libsystem_platform.dylib`_platform_strcmp + 144 frame grobian#1: 0x0000000100006440 ar`main(argc=1, argv=0x000000016fdfef58) at ar.c:126:8 frame grobian#2: 0x0000000192e2be50 dyld`start + 2544 Signed-off-by: Yifeng Li <tomli@tomli.me>
|
I'm still waiting for this PR to be reviewed. |
|
thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In ar(1), strcmp() checks are used to determine the value of argument argv[1], even when no argument is given. In the past, they were possibly harmless out-of-bound reads and comparison with garbage, without consequences.
However, running it on macOS 13 w/ Apple Silicon immediately crashes it with Segmentation Fault, because argv[1] is now NULL and generates EXC_BAD_ACCESS in strcmp().
This commit checks whether argc is equal or greater than 2 before doing strcmp() to resolve Issue iains#7.