https://bugs.kde.org/show_bug.cgi?id=514094
--- Comment #2 from Paul Floyd <[email protected]> ---

The same problem exists with readlinkat using an absolute path (and probably any combination of dirfd being /, /proc, /proc/self, /proc/pid and the path being the relative remainder to /proc/pid/exe or /proc/self/exe, but that's a corner case that we don't handle at all).

The man page says:

    readlink() places the contents of the symbolic link pathname in the buffer buf, which has size bufsiz. readlink() does not append a terminating null byte to buf. It will (silently) truncate the contents (to a length of bufsiz characters), in case the buffer is too small to hold all of the contents.

Since we aren't null terminating we may be within the letter of the law. I don't think that's a good enough excuse.

Here is what is happening:

1. PRE does its stuff
2. Valgrind does the client syscall which resolves the link to the tool exe
3. The post sees that it is a special case and does another syscall which resolves to the guest exename
4. The buffer gets overwritten without null termination.

What we really need to do is to move the special case syscall to the PRE function.
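The readlink(2) contract quoted above is easy to get wrong on both sides: the side that fills the buffer must respect bufsiz and write no NUL, and the side that reads it must use the returned count rather than strlen(). The following is an added illustration of both halves, written as a hypothetical model of a wrapper that substitutes its own target for the kernel's result (the /proc/self/exe rewrite the comment describes); it is not Valgrind's code, and the function names, the 256-byte scratch buffer and the sample paths are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical wrapper-side helper: hand the caller `target` instead of the
 * kernel's answer, but under readlink(2) rules. At most bufsiz bytes are
 * written, no terminating NUL is added, and the count actually stored is
 * returned. Longer targets are silently truncated, as the man page allows. */
ssize_t substitute_readlink_result(char *buf, size_t bufsiz, const char *target)
{
    size_t len = strlen(target);
    if (len > bufsiz)
        len = bufsiz;               /* silent truncation, like readlink(2) */
    memcpy(buf, target, len);       /* never past bufsiz, never appends '\0' */
    return (ssize_t)len;
}

/* readlink(2) gives no explicit truncation signal; a count equal to bufsiz is
 * the only hint, so a careful caller treats that case as "possibly cut off". */
int readlink_result_may_be_truncated(ssize_t n, size_t bufsiz)
{
    return n >= 0 && (size_t)n == bufsiz;
}

/* Caller-side handling: the scratch buffer is deliberately filled with stale
 * bytes first, so strlen() on it would be wrong; only the returned count is
 * trusted, and the NUL is added in a buffer the caller owns. */
ssize_t link_target_as_cstring(const char *target, size_t bufsiz,
                               char *out, size_t outsz)
{
    char raw[256];                  /* constructed scratch buffer for the demo */
    if (bufsiz > sizeof raw)
        bufsiz = sizeof raw;
    memset(raw, 'X', sizeof raw);
    ssize_t n = substitute_readlink_result(raw, bufsiz, target);
    if (n < 0 || (size_t)n + 1 > outsz)
        return -1;
    memcpy(out, raw, (size_t)n);
    out[n] = '\0';
    return n;
}

/* Convenience check used by the demo: does the caller-side path yield
 * exactly `expected` for this target and buffer size? */
int wrapper_result_equals(const char *target, size_t bufsiz, const char *expected)
{
    char out[256];
    ssize_t n = link_target_as_cstring(target, bufsiz, out, sizeof out);
    return n >= 0 && (size_t)n == strlen(expected) && strcmp(out, expected) == 0;
}

int main(void)
{
    /* Constructed sample paths, not taken from any real system. */
    const char *guest = "/home/user/bin/guest-program";
    char out[256];
    size_t sizes[] = { 8, 64 };
    for (size_t i = 0; i < 2; i++) {
        ssize_t n = link_target_as_cstring(guest, sizes[i], out, sizeof out);
        printf("bufsiz=%zu -> %zd bytes \"%s\"%s\n", sizes[i], n, out,
               readlink_result_may_be_truncated(n, sizes[i])
                   ? " (possibly truncated)" : "");
    }
    return 0;
}
```

With bufsiz 8 the caller sees only "/home/us" and the count-equals-bufsiz hint fires; with bufsiz 64 the full path comes back. A wrapper that instead copied the substituted path with a plain string copy, or that ignored the caller's bufsiz, would overrun the client buffer or leave the caller unable to tell where the result ends.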
