llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT--> @llvm/pr-subscribers-lldb Author: David Spickett (DavidSpickett) <details> <summary>Changes</summary> As reported in https://github.com/llvm/llvm-project/issues/89710, the %s code used for `comm` could and probably does, overflow the buffer. Likely we haven't seen it cause problems because the following data is overwritten right afterwards. Also scanf isn't a great choice here as this `comm` can include many characters that might trip up %s. We don't actually use `comm`, so parse but don't store it so we're not overflowing anything. --- Full diff: https://github.com/llvm/llvm-project/pull/100387.diff 1 Files Affected: - (modified) lldb/source/Host/linux/Host.cpp (+3-5) ``````````diff diff --git a/lldb/source/Host/linux/Host.cpp b/lldb/source/Host/linux/Host.cpp index 5545f9ef4d70e..0bc736d90ea76 100644 --- a/lldb/source/Host/linux/Host.cpp +++ b/lldb/source/Host/linux/Host.cpp @@ -51,11 +51,9 @@ enum class ProcessState { Zombie, }; -constexpr int task_comm_len = 16; - struct StatFields { ::pid_t pid = LLDB_INVALID_PROCESS_ID; - char comm[task_comm_len]; + // comm char state; ::pid_t ppid = LLDB_INVALID_PROCESS_ID; ::pid_t pgrp = LLDB_INVALID_PROCESS_ID; @@ -100,8 +98,8 @@ static bool GetStatusInfo(::pid_t Pid, ProcessInstanceInfo &ProcessInfo, StatFields stat_fields; if (sscanf( Rest.data(), - "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld %ld %ld", - &stat_fields.pid, stat_fields.comm, &stat_fields.state, + "%d %*s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld %ld %ld", + &stat_fields.pid, /* comm, */ &stat_fields.state, &stat_fields.ppid, &stat_fields.pgrp, &stat_fields.session, &stat_fields.tty_nr, &stat_fields.tpgid, &stat_fields.flags, &stat_fields.minflt, &stat_fields.cminflt, &stat_fields.majflt, `````````` </details> https://github.com/llvm/llvm-project/pull/100387 _______________________________________________ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
