readlink(2) returns incorrect size for /proc/self/exe
readlink(2) seems to ignore the size of the supplied buffer for the resolved name and always returns the actual size of the resolved name instead.
Steps to reproduce:
```bash
echo '#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, const char** argv)
{
    if(argc < 2) exit(1);
    char buf[1];                       /* deliberately tiny buffer */
    /* readlink(2) returns ssize_t, so print it with %zd */
    printf("%zd\n", readlink(argv[1], buf, sizeof(buf)));
    return 0;
}' >test.c
# I used GCC mipsel cross-compiler to reproduce this bug
mipsel-linux-gnu-gcc-5.5 test.c -o a.out
echo "PWD: `pwd`"
qemu-mipsel ./a.out /proc/self/exe
```
Expected output (observed when running a.out natively on Linux 4.17 amd64):
```
PWD: /tmp/test
1
```
Output observed when running with qemu-mipsel 2.1.2:
```
PWD: /tmp/test
15
```
According to the POSIX description of readlink [1], the function shall return the number of bytes written to the supplied buffer, which obviously cannot exceed the size of the buffer.
Note that the bug is only reproduced with links within the /proc filesystem; links to regular files within /home are resolved normally.
The bug is present in qemu-mipsel 2.1.2:
```
# qemu-mipsel -version
qemu-mipsel version 2.1.2 (Debian 1:2.1+dfsg-12+deb8u6), Copyright (c) 2003-2008 Fabrice Bellard
```
[1]: http://pubs.opengroup.org/onlinepubs/009695399/functions/readlink.html