https://github.com/oontvoo created 
https://github.com/llvm/llvm-project/pull/159588

If `pr_name` is longer than 16, it would be a non-null terminated string. 
Assigning it to `std::string m_executable_name` would cause an overflow read. 
Instead, just copy the name from thread_data.name.

(Question: why is the new variable needed in the first place? can't the 
thread_data.name be used?)

>From 973c220bd8dc406285d7400f55de5b5e0e0b396b Mon Sep 17 00:00:00 2001
From: Vy Nguyen <[email protected]>
Date: Thu, 18 Sep 2025 10:38:51 -0400
Subject: [PATCH] [LLDB]Fix buffer-over-flow bug.

If `pr_name` is longer than 16, it would be a non-null terminated string.
Assigning it to `std::string m_executable_name` would cause an overflow read.
Instead, just copy the name from thread_data.name.

(Question: why is the new variable needed in the first place? can't the 
thread_data.name be used?)
---
 lldb/source/Plugins/Process/elf-core/ProcessElfCore.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lldb/source/Plugins/Process/elf-core/ProcessElfCore.cpp 
b/lldb/source/Plugins/Process/elf-core/ProcessElfCore.cpp
index 8f5f1242116f5..38bf13543c617 100644
--- a/lldb/source/Plugins/Process/elf-core/ProcessElfCore.cpp
+++ b/lldb/source/Plugins/Process/elf-core/ProcessElfCore.cpp
@@ -952,7 +952,7 @@ llvm::Error 
ProcessElfCore::parseLinuxNotes(llvm::ArrayRef<CoreNote> notes) {
         return status.ToError();
       thread_data.name.assign (prpsinfo.pr_fname, strnlen (prpsinfo.pr_fname, 
sizeof (prpsinfo.pr_fname)));
       SetID(prpsinfo.pr_pid);
-      m_executable_name = prpsinfo.pr_fname;
+      m_executable_name = thread_data.name;
       break;
     }
     case ELF::NT_SIGINFO: {
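Review bot: The new line `m_executable_name = thread_data.name;` is only safe because the `thread_data.name.assign(...)` call two lines above bounds the copy with `strnlen(prpsinfo.pr_fname, sizeof(prpsinfo.pr_fname))`, and nothing in the hunk records that dependency. A one-line comment saying that `pr_fname` can fill its whole array with no terminating NUL would keep a later cleanup from going back to the direct assignment from `prpsinfo.pr_fname`. The diffstat lists a single file with one insertion and one deletion, so no test accompanies the fix; a core file whose `pr_fname` occupies the entire field would cover the regression. The commit message also refers to `pr_name` and a fixed length of 16, while the code uses `pr_fname` and `sizeof(prpsinfo.pr_fname)`; the message should match the code. The open question in the message, whether `m_executable_name` is needed at all when `thread_data.name` holds the same value, should be settled before merge.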

_______________________________________________
lldb-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
