On Sun, Jul 26, 2020 at 06:00:17PM +0800, oldk1331 wrote:
> Hi all,
>
> Today suddenly I can't launch FriCAS, it shows "*** buffer overflow detected ***: terminated Aborted".
>
> After some debugging, I found that sman calls function "open_server" in sockio-c.c#929:
>
> strcpy(server[1].addr.u_addr.sa_data, name);
>
> "sa_data" is char[14], and "name" is "/tmp/.i"+getpid(), so on my system PID is over a million, causing buffer overflow in strcpy.
>
> I wonder what's the best way to solve this issue, and other C-string buffer overflows in our code base.
I am not sure about the best way. Pragmatically, something like:

-- a/src/include/com.h +++ b/src/include/com.h @@ -70,6 +70,7 @@ typedef struct { union { struct sockaddr u_addr; struct sockaddr_in i_addr; + char pad[32]; } addr; char *host_name; /* name of foreign host if type == AF_INET */ } Sock;

should work.

On Linux theoretically cleaner would be to use 'sockaddr_un' instead of 'sockaddr' (and include 'sys/un.h'). But Windows needs different declarations.

Also, in 'sockio-c.c' theoretically it would be safer to write:

(struct sockaddr *)(&server[1].addr)

instead of '&server[1].addr.u_addr'.

-- 
Waldek Hebisch
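Review bot: the new `char pad[32]` member gives the unbounded `strcpy(server[1].addr.u_addr.sa_data, name)` from the quoted report room for "/tmp/.i" plus a 7-digit PID (14 characters plus NUL, written from sa_data's 2-byte offset inside struct sockaddr), but the copy itself is still unchecked, so any longer name overflows the same way; pair the padding with a length check before the copy, e.g. `if (strlen(name) >= sizeof(server[1].addr) - offsetof(struct sockaddr, sa_data)) error(...)`, or build the name with snprintf directly into the buffer. A one-line comment on `pad` in com.h saying it exists to hold the socket path would also help, since the member is otherwise unexplained, and whatever address length accompanies the suggested cast `(struct sockaddr *)(&server[1].addr)` in the socket calls should cover the padded union rather than sizeof(struct sockaddr), or the path gets truncated.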
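To make the failure mode in the quoted report concrete, and to show the bounds-checked alternative the reply hints at with 'sockaddr_un', here is an added example written for this discussion; it is not FriCAS code and does not come from sman or sockio-c.c. It assumes Linux 'sys/un.h' and uses the "/tmp/.i" prefix from the report; the function names (fits_in_sa_data, make_unix_addr, build_path) and the OVERLONG_PREFIX constant are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Would prefix+pid, plus the NUL terminator, fit in the 14-byte sa_data of
 * a plain struct sockaddr?  This is the check the original strcpy lacked:
 * "/tmp/.i" is 7 characters, so a PID of 7 digits (over a million) needs
 * 14 characters and leaves no room for the terminator.  Returns 1 or 0. */
int fits_in_sa_data(const char *prefix, long pid)
{
    char buf[64];
    int n = snprintf(buf, sizeof buf, "%s%ld", prefix, pid);
    return n >= 0 && (size_t)n < sizeof ((struct sockaddr *)0)->sa_data;
}

/* Build the socket name into a sockaddr_un with a bounds check instead of
 * strcpy.  snprintf never writes past sun_path; the return value tells us
 * whether the name was truncated.  Returns 0 on success, -1 if it does not
 * fit (caller must report an error rather than use a truncated path). */
int make_unix_addr(struct sockaddr_un *sun, const char *prefix, long pid)
{
    int n;
    memset(sun, 0, sizeof *sun);
    sun->sun_family = AF_UNIX;
    n = snprintf(sun->sun_path, sizeof sun->sun_path, "%s%ld", prefix, pid);
    if (n < 0 || (size_t)n >= sizeof sun->sun_path)
        return -1;
    return 0;
}

/* Convenience wrapper over a static address: returns the built path, or
 * NULL when the name does not fit in sun_path. */
const char *build_path(const char *prefix, long pid)
{
    static struct sockaddr_un sun;
    if (make_unix_addr(&sun, prefix, pid) != 0)
        return NULL;
    return sun.sun_path;
}

/* Constructed prefix of 125 characters, longer than any sun_path (108 on
 * Linux), to exercise the rejection branch. */
#define OVERLONG_PREFIX "/tmp/" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

int main(void)
{
    long pids[] = { 12345, 999999, 1000000 };
    size_t i;
    for (i = 0; i < sizeof pids / sizeof pids[0]; i++)
        printf("pid %ld: fits in sa_data = %d, sockaddr_un path = %s\n",
               pids[i], fits_in_sa_data("/tmp/.i", pids[i]),
               build_path("/tmp/.i", pids[i]));
    printf("overlong prefix rejected = %d\n",
           build_path(OVERLONG_PREFIX, 1) == NULL);
    return 0;
}
```

The first function reproduces the arithmetic behind the crash: a six-digit PID leaves one byte for the NUL, a seven-digit one does not, which is exactly the "over a million" threshold in the report. The second shows the shape of a fix that does not depend on padding the struct: the destination size is taken from the type, the copy is bounded, and a name that does not fit is refused instead of silently overflowing or being truncated.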