The select and pselect6 syscall handlers may read invalid memory #2912

Open
stevenengler opened this issue May 8, 2023 · 0 comments
Labels
Type: Bug Error or flaw producing unexpected results

stevenengler commented May 8, 2023

Shadow's select and pselect6 syscall handlers read file descriptor sets as fixed-sized fd_sets for the read, write, and err fd lists, but the syscalls should actually read them as file descriptor sets with a length derived from nfds.

The Linux kernel allows file descriptor sets of arbitrary size, determining the length of the sets to be checked from the value of nfds. However, in the glibc implementation, the fd_set type is fixed in size.

If the application uses a buffer smaller than the size of fd_set, Shadow will read invalid memory. Most applications use glibc so this is unlikely to be an issue in most cases.
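
The length rule described in the issue, as an added example that is not part of the issue or of Shadow's code: it computes how many bytes nfds actually covers and copies only that much into a full fd_set. The helper names and the `src_len` parameter (standing in for how much of the caller's memory is valid) are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>

/* Bytes the kernel reads per set: nfds bits rounded up to whole longs
 * (the same rounding as the kernel's FDS_BYTES macro). */
size_t fdset_bytes(int nfds) {
    const size_t bits_per_long = sizeof(long) * CHAR_BIT;
    if (nfds <= 0)
        return 0;
    return ((size_t)nfds + bits_per_long - 1) / bits_per_long * sizeof(long);
}

/* Hypothetical helper: copy a caller's set into a full fd_set, touching only
 * the bytes that nfds covers. Returns the number of bytes read, or -1 on a
 * bad nfds or a buffer shorter than nfds requires.
 * Simplification: nfds above FD_SETSIZE is rejected because dst is a
 * fixed-size fd_set. */
long copy_fdset_bounded(fd_set *dst, const void *src, size_t src_len, int nfds) {
    if (nfds < 0 || nfds > FD_SETSIZE)
        return -1;
    size_t need = fdset_bytes(nfds);
    if (need > src_len)
        return -1;
    FD_ZERO(dst);            /* bytes past `need` stay zero */
    memcpy(dst, src, need);  /* never reads beyond what nfds describes */
    return (long)need;
}

int main(void) {
    /* Constructed input: a one-long set with fd 3 marked, as an application
     * that does not use glibc's fd_set might pass with nfds = 4. */
    unsigned long small = 1UL << 3;
    fd_set full;
    long n = copy_fdset_bounded(&full, &small, sizeof small, 4);
    printf("nfds=4: read %ld bytes; a fixed-size read would take %zu\n",
           n, sizeof(fd_set));
    printf("fd 3 set: %d\n", FD_ISSET(3, &full) != 0);
    return 0;
}
```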
