mirror/i3
3
0
Fork 0
mirror of https://github.com/i3/i3.git synced 2025-10-30 03:42:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

main: debug build: Avoid buffer over-read and simplify (#6507)

Browse Source 
In theory, if `/proc/sys/kernel/core_pattern` is 1024 or more bytes, the
null character terminating the buffer can be overwritten.

Note: Found with [bugfinder](https://github.com/stanek-michal/bugfinder)
This commit is contained in:
Orestis Floros 2025-10-08 17:49:16 +02:00 committed by GitHub
parent 1cc2548027
commit 5c321cc582
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/main.c
View File

@ -551,30 +551,29 @@ int main(int argc, char *argv[]) {
if (is_debug_build()) { if (is_debug_build()) {
struct rlimit limit = {RLIM_INFINITY, RLIM_INFINITY}; struct rlimit limit = {RLIM_INFINITY, RLIM_INFINITY};
setrlimit(RLIMIT_CORE, &limit); setrlimit(RLIMIT_CORE, &limit);
LOG("CORE DUMPS: You are running a development version of i3, so coredumps were automatically enabled (ulimit -c unlimited).\n");
#ifdef __linux__
/* The following code is helpful, but not required. We thus dont pay /* The following code is helpful, but not required. We thus dont pay
* much attention to error handling, non-linux or other edge cases. */ * much attention to error handling, non-linux or other edge cases. */
LOG("CORE DUMPS: You are running a development version of i3, so coredumps were automatically enabled (ulimit -c unlimited).\n"); char *cwd = getcwd(NULL, 0);
size_t cwd_size = 1024; if (cwd != NULL) {
char *cwd = smalloc(cwd_size);
char *cwd_ret;
while ((cwd_ret = getcwd(cwd, cwd_size)) == NULL && errno == ERANGE) {
cwd_size = cwd_size * 2;
cwd = srealloc(cwd, cwd_size);
}
if (cwd_ret != NULL) {
LOG("CORE DUMPS: Your current working directory is \"%s\".\n", cwd); LOG("CORE DUMPS: Your current working directory is \"%s\".\n", cwd);
free(cwd);
} }
const size_t buffer_size = 1024;
char *buffer = scalloc(buffer_size, sizeof(char));
int patternfd; int patternfd;
if ((patternfd = open("/proc/sys/kernel/core_pattern", O_RDONLY)) >= 0) { if ((patternfd = open("/proc/sys/kernel/core_pattern", O_RDONLY)) >= 0) {
memset(cwd, '\0', cwd_size); if (read(patternfd, buffer, buffer_size - 1) > 0) {
if (read(patternfd, cwd, cwd_size) > 0) { /* a trailing newline is included in buffer */
/* a trailing newline is included in cwd */ LOG("CORE DUMPS: Your core_pattern is: %s", buffer);
LOG("CORE DUMPS: Your core_pattern is: %s", cwd);
} }
close(patternfd); close(patternfd);
} }
free(cwd); free(buffer);
#endif
} }
LOG("i3 %s starting\n", i3_version); LOG("i3 %s starting\n", i3_version);