From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: building/using address-sanitizer-enabled emacs?
Date: Sat, 13 May 2017 11:02:38 +0300
Message-ID: <83shk989r5.fsf@gnu.org>
References: <83a86lbffk.fsf@gnu.org>
To: Philipp Stephani
Cc: jim@meyering.net, emacs-devel@gnu.org
In-reply-to: (message from Philipp Stephani on Wed, 10 May 2017 22:24:49 +0000)

> From: Philipp Stephani
> Date: Wed, 10 May 2017 22:24:49 +0000
> Cc: jim@meyering.net, emacs-devel@gnu.org
>
> Please show the detailed analysis, as I looked into that once and
> concluded that the code is correct.
>
> The full report is
>
> =================================================================
> ==31024==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5fbfa690 at pc 0x0001003e6baf bp 0x7fff5fbfa4f0 sp 0x7fff5fbfa4e8
> READ of size 2 at 0x7fff5fbfa690 thread T0
>     #0 0x1003e6bae in conv_sockaddr_to_lisp src/process.c:2497:34
> [...]
>
> The problem is here:
>
>       struct sockaddr_in sa1;
>       socklen_t len1 = sizeof (sa1);
>       if (getsockname (s, (struct sockaddr *)&sa1, &len1) == 0)
>         contact = Fplist_put (contact, QClocal,
>                               conv_sockaddr_to_lisp ((struct sockaddr *)&sa1, len1));
>
> sockaddr_in is too small for IPv6 addresses, so getsockname doesn't
> fill it out completely. But conv_sockaddr_to_lisp only looks at the
> address family and attempts to read out the entire IPv6 address,
> reading past the sa1 variable memory. Thus this needs to be
> sockaddr_storage, which is guaranteed to be large enough for all
> supported addresses.
>
> Probably there should also be an eassert(len1 <= sizeof sa1) after
> the call to getsockname, just to make sure.

Indeed, I believe you are right.
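An added example, not code from Emacs or from either poster, that reproduces the size mismatch described in the quoted analysis with plain POSIX sockets and shows the corrected buffer together with the two checks it implies; the function names, the family-based check and the Linux behaviour of getsockname reporting the full length are assumptions of this example.

```c
#include <assert.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* The check conv_sockaddr_to_lisp lacked: does LEN cover the whole address
   for the family SA claims?  1 = safe to read, 0 = reading would overrun. */
int sockaddr_fits (const struct sockaddr *sa, socklen_t len)
{
  if (len < offsetof (struct sockaddr, sa_family) + sizeof sa->sa_family)
    return 0;
  switch (sa->sa_family)
    {
    case AF_INET:  return len >= sizeof (struct sockaddr_in);
    case AF_INET6: return len >= sizeof (struct sockaddr_in6);
    default:       return 0;             /* unknown family: do not guess */
    }
}

/* getsockname on a fresh AF_INET6 socket into BUF of BUFLEN bytes; returns
   the length the kernel reports, or -1 if IPv6 sockets are unavailable. */
int query_ipv6_local (struct sockaddr *buf, socklen_t buflen)
{
  int s = socket (AF_INET6, SOCK_STREAM, 0);
  if (s < 0) return -1;
  socklen_t len = buflen;
  int rc = getsockname (s, buf, &len);
  close (s);
  return rc == 0 ? (int) len : -1;
}

/* Buggy pattern: on Linux the reported length exceeds sizeof sa1, which is
   exactly the condition the proposed eassert (len1 <= sizeof sa1) catches. */
int buggy_reported_len (void)
{
  struct sockaddr_in sa1;                /* too small for a sockaddr_in6 */
  return query_ipv6_local ((struct sockaddr *) &sa1, sizeof sa1);
}

/* Corrected pattern: sockaddr_storage, the length assertion, then the family
   check before any address bytes are read.  1 = fits, -1 = no IPv6. */
int fixed_fits (void)
{
  struct sockaddr_storage ss;
  int len = query_ipv6_local ((struct sockaddr *) &ss, sizeof ss);
  if (len < 0) return -1;
  assert ((size_t) len <= sizeof ss);    /* stands in for eassert */
  return sockaddr_fits ((struct sockaddr *) &ss, (socklen_t) len);
}
```

On BSD-derived kernels getsockname reports the truncated length rather than the full one, so there only the family-based check detects the mismatch.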