On Sun, Jul 26, 2020 at 06:00:17PM +0800, oldk1331 wrote:
> Hi all,
> 
> Today suddenly I can't launch FriCAS, it
> shows "*** buffer overflow detected ***:
> terminated   Aborted".
> 
> After some debugging, I found that sman
> calls function "open_server" in
> sockio-c.c#929:
> 
> strcpy(server[1].addr.u_addr.sa_data, name);
> 
> "sa_data" is char[14], and "name" is
> "/tmp/.i"+getpid(), so on my system PID is
> over a million, causing buffer overflow
> in strcpy.
> 
> I wonder what's the best way to solve this
> issue, and other C-string buffer overflow
> in our code base.

I am not sure about best way.  Pragmatically, something
like:

-- a/src/include/com.h
+++ b/src/include/com.h
@@ -70,6 +70,7 @@ typedef struct {
   union {
     struct sockaddr u_addr;
     struct sockaddr_in i_addr;
+    char pad[32];
   } addr;
   char *host_name;      /* name of foreign host if type == AF_INET */
 } Sock;
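Review bot: the `pad[32]` member enlarges the union, but the `strcpy` in `open_server` that the report points at stays unbounded, so the hunk only moves the limit rather than removing it; with `sa_data` starting at offset 2 of `struct sockaddr`, the name still has to fit in 30 bytes, which holds for "/tmp/.i" plus a 7-digit PID (15 bytes with the NUL) but is not enforced anywhere. Suggest pairing this with a bounded write at the call site, e.g. `snprintf(..., sizeof server[1].addr, ...)` with a check on the return value, and adding a comment on the `32` saying what it is sized for, since the constant is otherwise unexplained.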

should work.  On Linux it would theoretically be cleaner to use
'sockaddr_un' instead of 'sockaddr' (and include 'sys/un.h').
But Windows needs different declarations.  Also, in 'sockio-c.c'
it would theoretically be safer to write:

 (struct sockaddr *)(&server[1].addr)

instead of '&server[1].addr.u_addr'.

-- 
                              Waldek Hebisch
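The two bounded ways of building the socket name discussed above, as an added example that is not FriCAS code: `build_socket_name` is a hypothetical helper that formats "<prefix><pid>" into the `sun_path` of a `sockaddr_un` with `snprintf` and reports failure instead of overrunning the buffer, and `fits_in_sa_data` shows the check that the original `strcpy` into the 14-byte `sa_data` was missing. The prefix "/tmp/.i" and the PIDs are taken from the report; everything else is constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not FriCAS code): write "<prefix><pid>" into
 * sa->sun_path without ever exceeding the buffer.  Returns 0 on success
 * and -1 when the name (including its NUL) would not fit; in that case
 * sun_path is left empty so a caller cannot use a truncated name. */
int build_socket_name(struct sockaddr_un *sa, const char *prefix, long pid)
{
    int n;

    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    /* snprintf never writes past sizeof sun_path; n is the length the
     * full string would have had, so n >= sizeof means truncation. */
    n = snprintf(sa->sun_path, sizeof sa->sun_path, "%s%ld", prefix, pid);
    if (n < 0 || (size_t)n >= sizeof sa->sun_path) {
        sa->sun_path[0] = '\0';
        return -1;
    }
    return 0;
}

/* The length check that an unbounded strcpy into struct sockaddr.sa_data
 * (14 bytes) lacks: returns 1 if "<prefix><pid>" plus its NUL fits in
 * sa_data, 0 otherwise.  Nothing is copied; this only measures. */
int fits_in_sa_data(const char *prefix, long pid)
{
    char tmp[64];
    int n = snprintf(tmp, sizeof tmp, "%s%ld", prefix, pid);

    return n >= 0 && (size_t)n < sizeof(((struct sockaddr *)0)->sa_data);
}

int main(void)
{
    struct sockaddr_un sa;
    long pids[] = { 123456L, 1000000L };   /* constructed sample PIDs */
    size_t i;

    for (i = 0; i < sizeof pids / sizeof pids[0]; i++) {
        printf("pid %ld: fits in sa_data: %d, sockaddr_un build: %d\n",
               pids[i], fits_in_sa_data("/tmp/.i", pids[i]),
               build_socket_name(&sa, "/tmp/.i", pids[i]));
    }
    return 0;
}
```

A 6-digit PID gives a 13-character name that fits in `sa_data` with its NUL; a 7-digit PID gives 14 characters and no longer fits, which is the boundary the report describes. The same name fits comfortably in `sun_path`, and the helper refuses a name that would overrun it rather than silently truncating.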

-- 
You received this message because you are subscribed to the Google Groups 
"FriCAS - computer algebra system" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/fricas-devel/20200729022152.GA38001%40math.uni.wroc.pl.