from the AOSP gerrit (fixing internal bug 30074257). i've been meaning to look at this more closely for a couple of months, but haven't found the time. i too wasn't sure whether switching to memmove was actually the fix or just papering over a real problem...
Evgenii Stepanov has uploaded a new change for review. ( https://googleplex-android-review.git.corp.google.com/1504922 ) Change subject: Replace one memcpy with memmove. ...................................................................... Replace one memcpy with memmove. ASan says that memcpy in ps.c:767 may have overlapping input and output buffers. AddressSanitizer: memcpy-param-overlap: memory ranges [0x005579b8494b,0x005579b84953) and [0x005579b8494a, 0x005579b84952) overlap #0 0x7cdfb3d7cf in __asan_memcpy [asan_rtl] (discriminator 55) #1 0x5579b4baa3 in get_ps external/toybox/toys/posix/ps.c:767 #2 0x5579aeef2b in dirtree_handle_callback external/toybox/lib/dirtree.c:111 #3 0x5579aef0b7 in dirtree_recurse external/toybox/lib/dirtree.c:154 #4 0x5579aeefbf in dirtree_handle_callback external/toybox/lib/dirtree.c:114 #5 0x5579b48217 in ps_main external/toybox/toys/posix/ps.c:1219 #6 0x5579afb887 in toy_exec external/toybox/main.c:153 (discriminator 1) #7 0x5579afae2b in toybox_main external/toybox/main.c:166 (discriminator 1) #8 0x5579afba23 in main external/toybox/main.c:225 This does look intentional, so replacing memcpy with memmove. I'm not a 100% sure this is right though (not even 80%). Test: "adb shell ps" in a SANITIZE_TARGET=address build Change-Id: I7b1d8a251feaf8c4b7261a4bbb21bf742cdc3ff0 --- M toys/posix/ps.c 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toys/posix/ps.c b/toys/posix/ps.c index 011a43e..5871f4c 100644 --- a/toys/posix/ps.c +++ b/toys/posix/ps.c @@ -764,7 +764,7 @@ } } if (i<len) len = i; - memcpy(buf, s, len); + memmove(buf, s, len); buf[len] = 0; } _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
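Review bot: The change is the right primitive but the commit message should state why the overlap is expected rather than "not even 80%" sure; the ASan report it quotes already gives the answer. The two ranges [0x005579b8494b,0x005579b84953) and [0x005579b8494a,0x005579b84952) are the same 8 bytes offset by one, with the destination one byte above the source, so the call at ps.c:767 is an in-place shift of `s` up by one byte into `buf`, which is undefined for memcpy (a forward byte-wise copy would clobber the source before reading it) and exactly what memmove is specified for. Suggest recording that in the commit message, or as a comment on the `memmove(buf, s, len);` line, so the next reader does not "fix" it back. One thing to confirm in the surrounding code, since the hunk does not show where `buf` and `s` come from: the trailing `buf[len] = 0;` writes the byte just past the destination range (0x005579b84953 in the report), so `buf` must have room for `len + 1` bytes even after the `if (i<len) len = i;` truncation. Note also that ASan does not check memmove for overlap, so a clean "adb shell ps" under SANITIZE_TARGET=address only shows the report is gone, not that the shift produces the intended string; a quick look at the output for the affected field would make the Test line stronger.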