bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-28 Thread Pádraig Brady
On 27/06/2021 02:47, Paul Eggert wrote: On 6/24/21 8:50 AM, Paul Eggert wrote: inotify_init can return 1025 even if called first thing, so we also need to dup2 the result of early inotify_init down to 3 (or whatever), or at least to check that it's less than 1024. Choosing 3 is a tricky busines

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-28 Thread Kamil Dudka
On Sunday, June 27, 2021 3:47:46 AM CEST Paul Eggert wrote: > When looking into this I decided it was cleaner to fix coreutils by > using 'poll' instead of 'select', as Kamil suggested. I installed the > attached patches to do that. The last patch fixes the bug. This works for me. Thank you for t

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-26 Thread Paul Eggert
On 6/24/21 8:50 AM, Paul Eggert wrote: inotify_init can return 1025 even if called first thing, so we also need to dup2 the result of early inotify_init down to 3 (or whatever), or at least to check that it's less than 1024. Choosing 3 is a tricky business, since it's not clear what fds the C

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-24 Thread Paul Eggert
On 6/24/21 7:50 AM, Pádraig Brady wrote: We should be able to inotify_init() earlier in the process to avoid this issue. inotify_init can return 1025 even if called first thing, so we also need to dup2 the result of early inotify_init down to 3 (or whatever), or at least to check that it's le

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-24 Thread Kamil Dudka
On Thursday, June 24, 2021 4:50:25 PM CEST Pádraig Brady wrote: > Note the number of descriptors select() is waiting on is independent of the > number of files. We should be able to inotify_init() earlier in the process > to avoid this issue. I'll have a look. Good idea! This could make it work i

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-24 Thread Pádraig Brady
On 24/06/2021 15:26, Kamil Dudka wrote: Hello, As originally reported by Stepan Broz (CC'd), tail --follow crashes when it is given too many files to follow, and ulimit -n is set to >1024. FD_SET(wd, &rfd) in tail_forever_inotify() writes beyond the stack-allocated variable in case wd >= FD_SET

bug#49209: coreutils: stack out-of-bounds write in tail --follow

2021-06-24 Thread Kamil Dudka
Hello, As originally reported by Stepan Broz (CC'd), tail --follow crashes when it is given too many files to follow, and ulimit -n is set to >1024. FD_SET(wd, &rfd) in tail_forever_inotify() writes beyond the stack-allocated variable in case wd >= FD_SETSIZE. Minimal example: # mkdir dir # cd