Hi, > The ar_size field is a 10 character string, not zero terminated, of > decimal digits right padded with spaces. Make sure it actually starts > with a digit before calling atol on it. We already make sure it is > zero terminated. Otherwise atol might produce unexpected results.
As far as I can tell the patch fixes that particular issue. Thanks! On a somewhat related note, looking at https://sourceware.org/bugzilla/show_bug.cgi?id=24085 where read_long_names started appending a trailing '\0' to strings without trailing spaces only I wonder if it would be better to always append trailing zero bytes there? It would make ASan stop complaining about read_long_names with ASAN_OPTIONS=strict_string_checks=1 (which is supposed to look for places where strings without trailing zeroes are passed to functions expecting null-terminated strings). For example even with this patch applied run-arextract.sh seems to fail under ASAN with strict_string_checks=1: ``` ASAN_OPTIONS=strict_string_checks=1 make check TESTS=run-arextract.sh VERBOSE=1 ... ==126042==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd5d103c7c at pc 0x7fe87890156d bp 0x7ffd5d103ab0 sp 0x7ffd5d103260 READ of size 15 at 0x7ffd5d103c7c thread T0 #0 0x7fe87890156c in StrtolFixAndCheck(void*, char const*, char**, char*, int) (/lib64/libasan.so.6+0x6b56c) #1 0x7fe878901865 in __interceptor_strtol (/lib64/libasan.so.6+0x6b865) #2 0x7fe87885ecf9 in atol /usr/include/stdlib.h:368 #3 0x7fe87885ecf9 in read_long_names /home/vagrant/oss-fuzz/projects/elfutils/elfutils/libelf/elf_begin.c:773 #4 0x7fe87885ecf9 in __libelf_next_arhdr_wrlock /home/vagrant/oss-fuzz/projects/elfutils/elfutils/libelf/elf_begin.c:919 #5 0x7fe87885fb25 in elf_next /home/vagrant/oss-fuzz/projects/elfutils/elfutils/libelf/elf_next.c:63 #6 0x401360 in main /home/vagrant/oss-fuzz/projects/elfutils/elfutils/tests/arextract.c:146 #7 0x7fe87867555f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) #8 0x7fe87867560b in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2d60b) #9 0x401654 in _start (/home/vagrant/oss-fuzz/projects/elfutils/elfutils/tests/arextract+0x401654) Address 0x7ffd5d103c7c is located in stack of thread T0 at offset 284 in frame #0 0x7fe87885dbbf in __libelf_next_arhdr_wrlock /home/vagrant/oss-fuzz/projects/elfutils/elfutils/libelf/elf_begin.c:852 ``` (In this particular case it's a false positive because in practice it's safe to pass strings like that there though) Thanks, Evgeny Vereshchagin
