gneworld opened a new issue, #10569:
URL: https://github.com/apache/nuttx/issues/10569

   Reproducible Steps:
   1. Enable config CONFIG_LIBC_EXECFUNCS
   2. cd /proc/pm
   3. getprop
   
   The system will crash with the backtrace shown below:
   
   [07/14 04:22:30] [10] [ap] elf_init: filename: getprop loadinfo: 0x3c2476c8
   [07/14 04:22:30] [10] [ap] procfs_open: Open 'pm/getprop'
   
   [07/14 04:22:30] [10] [ap] backtrace:
   [07/14 04:22:30] [10] [ap] [10] [<0x2c347b86>] backtrace_unwind+0x1da/0x1dc
   [07/14 04:22:30] [10] [ap] [10] [<0x2c32122c>] sched_backtrace+0x1c/0x30
   [07/14 04:22:30] [10] [ap] [10] [<0x2c336ae4>] sched_dumpstack+0x20/0x68
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3426c6>] board_reset+0x22/0x2a8
   [07/14 04:22:30] [10] [ap] [10] [<0x2c31ea48>] _assert+0x198/0x278
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3336a4>] __assert+0x8/0x10
   [07/14 04:22:30] [10] [ap] [10] [<0x2c32be3a>] pm_open+0xbe/0x110
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3d5238>] procfs_open+0x20/0x30
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3ced54>] file_open+0x154/0x178
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3e57b6>] elf_init+0x2e/0x90
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3e520e>] elf_loadbinary+0x16/0x90
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3e4f78>] load_module+0x40/0x68
   [07/14 04:22:30] [10] [ap] [10] [<0x2c3e50c0>] exec_spawn+0x28/0xb0
   [07/14 04:22:30] [10] [ap] [10] [<0x2c323938>] posix_spawn+0x3c/0x84
   [07/14 04:22:30] [10] [ap] [10] [<0x2c348cd6>] exec_builtin+0xa2/0x100
   [07/14 04:22:30] [10] [ap] [10] [<0x2c34fc4e>] nsh_builtin+0x1e/0xe4
   [07/14 04:22:30] [10] [ap] [10] [<0x2c34aae2>] nsh_parse_command+0x69a/0xd74
   
   The value passed to the relpath variable is invalid, which ultimately leads 
to a system crash within the pm_open function call. This incorrect path 
("/proc/pm/getprop") comes from the `file_open` call and is not subject to any 
validity checks in the current system.
   So how can we determine the validity of this relpath value? Calling 
procfs_stat in procfs_open is wacky; moreover, procfs_stat also fails to 
determine the validity of this relpath value :(
   
   
![image](https://github.com/apache/nuttx/assets/30924021/58e6e832-018f-47e0-9903-c15512cefcc3)
   
![image](https://github.com/apache/nuttx/assets/30924021/afa212bd-c9c8-49e3-acd8-5b0dfa6836b6)
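
One way to do the relpath check the issue asks about, as an added example that is not part of the original report and not NuttX's own code: an open handler resolves the path against a table of known entries and returns `-ENOENT` for anything else, instead of asserting. The function name `example_pm_resolve`, the entry names and `EXAMPLE_NDOMAINS` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical entry names and domain count (assumptions, not NuttX's). */
#define EXAMPLE_NDOMAINS 2
static const char *const g_example_entries[] = { "state", "wakelock" };
#define EXAMPLE_NENTRIES (sizeof(g_example_entries) / sizeof(g_example_entries[0]))

/* Resolve a procfs-relative path such as "pm/state0" to an entry index and
 * a domain number. Returns 0 on success, or -ENOENT for anything that is not
 * exactly "pm/<entry><domain>", so the caller can fail the open cleanly. */
int example_pm_resolve(const char *relpath, size_t *entry, int *domain)
{
  static const char prefix[] = "pm/";
  size_t i;

  if (relpath == NULL || strncmp(relpath, prefix, sizeof(prefix) - 1) != 0)
    return -ENOENT;
  relpath += sizeof(prefix) - 1;

  for (i = 0; i < EXAMPLE_NENTRIES; i++)
    {
      size_t len = strlen(g_example_entries[i]);
      const char *tail;

      if (strncmp(relpath, g_example_entries[i], len) != 0)
        continue;
      /* The name matched, so relpath holds at least len characters. */
      tail = relpath + len;
      if (tail[0] >= '0' && tail[0] < '0' + EXAMPLE_NDOMAINS && tail[1] == '\0')
        {
          *entry = i;
          *domain = tail[0] - '0';
          return 0;
        }
    }
  return -ENOENT; /* "pm/getprop" from the log above ends up here */
}

int main(void)
{
  size_t e = 0;
  int d = 0;
  printf("pm/state1  -> %d\n", example_pm_resolve("pm/state1", &e, &d));
  printf("pm/getprop -> %d\n", example_pm_resolve("pm/getprop", &e, &d));
  return 0;
}
```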
   
   

